Re: key for Alice as promised (not)
On Tue, 28 Nov 1995, Adam Hupp wrote:
Can you imagine?? I'm simply not willing to fool myself into thinking that I ahve security by posting a key and using PGP.
Unless you can post some proof that PGP is insecure, stop insisting it is.
PGP is really not the issue. The issue is more my security and the environment that I use PGP in. I don't have a trusted machine to run PGP on. Anyone who wants to can come up to machine and copy my secret keyring or they can even watch me typing my password in.
So, I don't fool myself, and I don't use PGP, except for things like exchanging a one-time pad with someone when I've already sent the message out across another delivery mechanism, like on a floppy delivered my courier.
Alice de 'nonymous ...
You're a bonehead. On the one hand, you FAIL to stop or dramatically reduce claimed spoofings of your notes by using PGP (which would almost certainly work perfectly for this limited purpose) yet you claim that you'll only trust PGP in a limited scenario of courier-delivered data! Talk about "penny-wise and pound foolish"! Wake up, idiot! The purpose of encryption and signing and such is to REDUCE problems, ideally to zero but if not to some adequately small value. To fail to use signing when there is no ongoing problem is risky; to not use signing when there is a serious continuing problem is downright lunatic. That sets up an irresolvable contradiction: On the one hand, you're willing to tolerate a continuing problem, yet on the other you claim that your standards are so high that you won't use a system unless the probability of security essentially precludes a loss of security. Now can you see why we're laughing?
Hello, On Wed, 29 Nov 1995, jim bell wrote:
Wake up, idiot! The purpose of encryption and signing and such is to REDUCE problems, ideally to zero but if not to some adequately small value. To fail to use signing when there is no ongoing problem is risky; to not use signing when there is a serious continuing problem is downright lunatic. That sets up an irresolvable contradiction: On the one hand, you're willing to tolerate a continuing problem, yet on the other you claim that your standards are so high that you won't use a system unless the probability of security essentially precludes a loss of security.
Unfortunately priorities are mixed up here. Reputation should be more important, unless Alice is actually a group of teenagers that are just having fun at the lists expense, and could care less what they write as long as it gets a response. If the writer actually cared about his reputation then a digital signature would be the best way to go, but a different encryption scheme should be used for the signature than the message. Just my $0.02, but if Alice continues to just not care about his reputation, and people can't verify that the same writer(s) wrote it, then maybe ignoring posts would be a good choice. Take care and have fun. ========================================================================== James Black (Comp Sci/Comp Eng sophomore) e-mail: black@eng.usf.edu http://www.eng.usf.edu/~black/index.html **************************************************************************
participants (2)
-
James Black -
jimbell@pacifier.com