On Mon, 05 Apr 93 12:36:09 PST, Jonathan Stigelman <uunet!transam.ece.cmu.edu!stig> writes - JS> Yeah.... So if your key can be snooped off the net, so can your JS> cleartext. To decript online, then, is akin to using only weak JS> encription...which indicates only the desire for limited privacy. JS> But if even if you do decript online, you're still protected from JS> file snooping. JS> What's needed is PGP decription built into your terminal program. I think that you guys are missing the point here. IMHO, if you wish maximum assurance of security, than I'd suggest not trying to run programs such as PGP on a multi-user system to begin with! What's wrong with using a PC for this? It offfers a maximum convenience, single-user secure system quite unlike the security problems associated with your university's mainframe. The PC offers the communications availability and the flexibilty to provide an extremely high level of privacy, if you know what you're doing. You should try it sometime .... Cheers. Paul Ferguson | "Sincerity is fine, but it's no Network Integration Consultant | excuse for stupidity." Centreville, Virginia USA | -- Anonymous fergp@sytex.com (Internet) | sytex.com!fergp (UUNet) | 1:109/229 (FidoNet) | PGP 2.2 public encryption key available upon request.
Well, I guess I started this thread, so lets see if I can finish it... ;^)
On Mon, 05 Apr 93 12:36:09 PST, Jonathan Stigelman <uunet!transam.ece.cmu.edu!stig> writes - JS> Yeah.... So if your key can be snooped off the net, so can your JS> cleartext. To decript online, then, is akin to using only weak JS> encription...which indicates only the desire for limited privacy. JS> But if even if you do decript online, you're still protected from JS> file snooping.
This is akin to using an umbrella with a hole in it and saying, "Well, at least my face doesn't get wet. If you want to stay dry, you want to stay COMPLETELY dry.
JS> What's needed is PGP decription built into your terminal program.
Someone posted a program, link, that would encrypt modem communcations. Would you post an address for it. I can't find where I put it.
I think that you guys are missing the point here. IMHO, if you wish maximum assurance of security, than I'd suggest not trying to run programs such as PGP on a multi-user system to begin with! What's wrong with using a PC for this? It offfers a maximum convenience, single-user secure system quite unlike the security problems associated with your university's mainframe.
This is, IMHO, the best solution. BTW, I have several telix scripts that make it actually convenient, even at 1200 baud! (gak!). I would post them, but they are trivial. Thanx, Phantom, for the suggestion. What we need here is a "security package" that we distribute in an effort to make it easier to use secure practices.
The PC offers the communications availability and the flexibilty to provide an extremely high level of privacy, if you know what you're doing.
And many people don't... I've taken a minor flame or two for asking for help with using pgp on this list. The whole point of this list, IMHO, is to make strong security practices as easy and as wide-spread as possible. Correct me if I'm wrong. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl@triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder@forum | Politically Incorrect! | | (505) 299-2282 | <me> | +----------------------+----------------------------------------------------+
fergp@sytex.com (Paul Ferguson) writes:
On Mon, 05 Apr 93 12:36:09 PST, Jonathan Stigelman <uunet!transam.ece.cmu.edu!stig> writes -
JS> [pgp on multi-user systesm stuff]
I think that you guys are missing the point here. IMHO, if you wish maximum assurance of security, than I'd suggest not trying to run programs such as PGP on a multi-user system to begin with! What's wrong with using a PC for this? It offfers a maximum convenience, single-user secure system quite unlike the security problems associated with your university's mainframe.
Some people either do not have the option, or need the convenience of a multi-user system. My PC is sitting at home with a toasted modem (waiting for a Paradyne to arrive... :) and even when it is running fine I spend 8-12 hours a day working on multi-user systems with connectivity that is light-years beyond what my PC has. If I want to send out am email message and do not want to spend an hour walking home, encrypting it, walking back, and then transferring the file and sending it I will use my copy of PGP on a multi-user machine. I have a different key that I use (my key on a server) for this type of communication and accept and understand the consequences of using PGP in this manner. As long as the user knows the weaknesses of the system they are using they should make thier own choices regarding how to use PGP. You may consider your PC at home to be completely safe and secure, but unless you recognize the weaknesses of that particular setup you are not reaching the "maximum assurance of security" that you claim. jim
participants (3)
-
fergp@sytex.com -
J. Michael Diehl -
mccoy@ccwf.cc.utexas.edu