From: jpp@markv.com
Date: Thu, 28 Oct 93 17:43:11 PDT
To: cypherpunks@toad.com
Subject: Re: PGP automation
In-Reply-To: <9310281940.AA28085@beethoven>
Message-ID: <9310281737.aa24269@hermix.markv.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: douglas craig holland <holland@CS.ColoState.EDU>
> [...]  I don't really want to run PGP on CSUNet, since I don't trust
> their machines like I trust mine, but I am thinking about doing that
> and generating a key which I would be wiling to use for less secure
> stuff.  Anyone here have any other suggestions on making encryption
> less of a pain?

  In short, I sugest doing what you are thinking about: use two keys,
a high security key, and a low security key signed by the high one.

  Use a low security key signed by a high security one.  Change the
low security key every so often.  Keep the low security key under a
pass phrase unrelated to the one you use for the high security key,
and don't ever even store the high security key on the multi-user
system.  Then use some package (like my pgpmail.el) which connects
your multi-user system's mail program to pgp.  Sign your posts and
casual mail with the low security key, and if/when it is compromised
you will be able to issue convincing key change notices using the high
security key.  Naturally you should get other folks to sign your high
security key, not the low one.

  That's what I do.

j'
--
                O I am Jay Prime Positive jpp@markv.com 
1250 bit key fingerprint =  B8 95 E0 AF 9A A2 CD A5  89 C9 F0 FE B4 3A 2C 3F
 524 bit key fingerprint =  8A 7C B9 F2 D5 46 4D ED  66 23 F1 71 DE FF 51 48
Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com