Keyed-MD5, ITAR, and HTTP-NG
James Black
black at eng.usf.edu
Mon Oct 30 18:30:26 PST 1995
Hello,
On Mon, 30 Oct 1995, Rich Graves wrote:
> On Mon, 30 Oct 1995, Doug Hughes wrote:
>
> I would think that you would worry more about your users getting a false
> sense of security from storing secret keys on a large multiuser system
> than about being held liable for naughty PGP-encrypted traffic. I don't
> see how you could be held liable anyway. How is PGP that much different
> from allowing your users to set a password on their account? It makes it
> harder for root to invade their privacy, but in general, we have very
> stringent requirements that must be satisfied before we'll read user
> directories or mail.
As a student I am concerned with the false security, and that was
mentioned while we were talking (today). As to liability, it is
important that no one can come back and hold the school liable. Once the
messages can be encrypted then it is harder to read the messages, but not
impossible, unless the students keep the key on a disk, and just ftp it
into the account everytime. The fact is that that won't be the rule, so
the admin can still read messages, but there will need to be clear-cut
reasons for them to do that (IMOHO). I am curious what requirements must
be met. I guess there are more schools that allow this than I expected
<g>. Well thanx for replying. Take care and have fun.
James Black
black at suntan.eng.usf.edu
More information about the cypherpunks-legacy
mailing list