1994-08-24 - Re: Using PGP on Insecure Machines

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: tcmay@netcom.com (Timothy C. May)
Message Hash: 68d86973b8af01485dabe1849ea1c0e58861cefe96839ef8cf1e074bff14e660
Message ID: <9408241335.AA03303@snark.imsi.com>
Reply To: <199408240630.XAA26030@netcom4.netcom.com>
UTC Datetime: 1994-08-24 13:36:05 UTC
Raw Date: Wed, 24 Aug 94 06:36:05 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Wed, 24 Aug 94 06:36:05 PDT
To: tcmay@netcom.com (Timothy C. May)
Subject: Re: Using PGP on Insecure Machines
In-Reply-To: <199408240630.XAA26030@netcom4.netcom.com>
Message-ID: <9408241335.AA03303@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May says:
> Some folks who use PGP on such machines at least take steps to better
> secure things....Perry Metzger, for example, once described the
> multi-stage process he went through each day to reload his key
> material in a way he felt was quasi-safe. 

Quasi. I'm pretty sure that anyone who cared enough could have gotten
hold of my ancient pmetzger@shearson.com key, which I keep around only
for nostalgia reasons at this point -- I believe its one of the oldest
keys still on the rings. On the few occassions when I've truly cared,
I've generated new keys to use and only used them for a brief period
-- PGP provides very poor forward secrecy.

(By the way, I've become convinced with time that the forward secrecy
characteristics of systems like this are far more important than
people believe, especially since keys are likely to be so poorly
managed by most non-paranoid users. Diffie-Hellman provides perfect
forward secrecy.)

Tim's point is, however, correct -- using PGP on Joe Random
University's central computing facility is not the way to go if you
are really concerned about security. You have to run it only on
hardware you personally control, and which others do not have much if
any physical or network access to.

Also importantly, the user interfaces for PGP simply suck as it
stands, making people like Tim uninterested in going through the
rigamarole needed to use it on a day to day basis. The real revolution
isn't going to come until people are able to use PGP and the rest both
reasonably securely without it being especially noticable that they
are doing so -- and that is a while off.

Perry

Thread

• Return to August 1994

• Return to “alex <cp@omaha.com>”
• Return to “cactus@bb.com (L. Todd Masco)”
• Return to “Carl Ellison <cme@tis.com>”
• Return to “Dave Horsfall <dave@esi.COM.AU>”
• Return to “hughes@ah.com (Eric Hughes)”
• Return to “jamesd@netcom.com (James A. Donald)”
• Return to “jamesh@netcom.com (James Hightower)”
• Return to “jkreznar@ininx.com (John E. Kreznar)”
• Return to “khijol!erc@apple.com (Ed Carp [Sysadmin])”
• Return to “Linn Stanton <lstanton@sten.lehman.com>”
• Return to “NetSurfer <jdwilson@gold.chem.hawaii.edu>”
• Return to “paul@poboy.b17c.ingr.com (Paul Robichaux)”
• Return to ““Perry E. Metzger” <perry@imsi.com>”
• Return to “Philip Zimmermann <prz@acm.org>”
• Return to “pstemari@bismark.cbis.com (Paul J. Ste. Marie)”
• Return to “Rick Busdiecker <rfb@lehman.com>”
• Return to “strick – henry strickland <strick@versant.com>”

• Return to “tcmay@netcom.com (Timothy C. May)”

• 1994-08-23 (Tue, 23 Aug 94 15:07:50 PDT) - Zimmermann/NSA debate postponed - Philip Zimmermann <prz@acm.org>
  • 1994-08-23 (Tue, 23 Aug 94 16:42:52 PDT) - Re: Zimmermann/NSA debate postponed - Rick Busdiecker <rfb@lehman.com>
    • 1994-08-24 (Tue, 23 Aug 94 17:03:56 PDT) - Re: Zimmermann/NSA debate postponed - strick – henry strickland <strick@versant.com>
    • 1994-08-24 (Tue, 23 Aug 94 17:48:32 PDT) - Re: Zimmermann/NSA debate postponed - tcmay@netcom.com (Timothy C. May)
      • 1994-08-24 (Tue, 23 Aug 94 20:14:16 PDT) - Re: Zimmermann/NSA debate postponed - khijol!erc@apple.com (Ed Carp [Sysadmin])
      • 1994-08-24 (Tue, 23 Aug 94 21:01:06 PDT) - Re: Zimmermann/NSA debate postponed - Rick Busdiecker <rfb@lehman.com>
        • 1994-08-24 (Tue, 23 Aug 94 21:41:28 PDT) - Re: Zimmermann/NSA debate postponed - tcmay@netcom.com (Timothy C. May)
          • 1994-08-24 (Tue, 23 Aug 94 22:11:13 PDT) - Re: Zimmermann/NSA debate postponed - cactus@bb.com (L. Todd Masco)
            • 1994-08-24 (Tue, 23 Aug 94 23:46:28 PDT) - Using PGP on Insecure Machines - tcmay@netcom.com (Timothy C. May)
              • 1994-08-24 (Wed, 24 Aug 94 02:29:54 PDT) - Re: Using PGP on Insecure Machines - cactus@bb.com (L. Todd Masco)
              • 1994-08-24 (Wed, 24 Aug 94 06:36:05 PDT) - Re: Using PGP on Insecure Machines - “Perry E. Metzger” <perry@imsi.com>
                • 1994-08-24 (Wed, 24 Aug 94 09:44:10 PDT) - Re: Using PGP on Insecure Machines - khijol!erc@apple.com (Ed Carp [Sysadmin])
                  • 1994-08-24 (Wed, 24 Aug 94 11:37:19 PDT) - Re: Using PGP on Insecure Machines - paul@poboy.b17c.ingr.com (Paul Robichaux)
                    • 1994-08-25 (Wed, 24 Aug 94 20:38:02 PDT) - Re: Using PGP on Insecure Machines - khijol!erc@apple.com (Ed Carp [Sysadmin])
                  • 1994-08-24 (Wed, 24 Aug 94 14:42:38 PDT) - Re: Using PGP on Insecure Machines - cactus@bb.com (L. Todd Masco)
                • 1994-08-24 (Wed, 24 Aug 94 10:42:16 PDT) - Re: Using PGP on Insecure Machines - jamesh@netcom.com (James Hightower)
                  • 1994-08-24 (Wed, 24 Aug 94 11:29:35 PDT) - Re: Using PGP on Insecure Machines - tcmay@netcom.com (Timothy C. May)
                  • 1994-08-24 (Wed, 24 Aug 94 11:55:55 PDT) - Surveying consumer demand for the info highway - jamesd@netcom.com (James A. Donald)
              • 1994-08-24 (Wed, 24 Aug 94 09:45:45 PDT) - Re: Using PGP on Insecure Machines - khijol!erc@apple.com (Ed Carp [Sysadmin])
                • 1994-08-25 (Wed, 24 Aug 94 17:46:10 PDT) - Re: Using PGP on Insecure Machines - Dave Horsfall <dave@esi.COM.AU>
                  • 1994-08-25 (Thu, 25 Aug 94 00:03:12 PDT) - Re: Using PGP on Insecure Machines - NetSurfer <jdwilson@gold.chem.hawaii.edu>
                    • 1994-08-25 (Thu, 25 Aug 94 16:29:03 PDT) - Re: Using PGP on Insecure Machines - Dave Horsfall <dave@esi.COM.AU>
                  • 1994-08-25 (Thu, 25 Aug 94 06:49:46 PDT) - Knuth (was Using PGP on Insecure Machines) - pstemari@bismark.cbis.com (Paul J. Ste. Marie)
              • 1994-08-24 (Wed, 24 Aug 94 16:36:21 PDT) - Re: Using PGP on Insecure Machines - Rick Busdiecker <rfb@lehman.com>
                • 1994-08-25 (Thu, 25 Aug 94 06:34:38 PDT) - Re: Using PGP on Insecure Machines - Linn Stanton <lstanton@sten.lehman.com>
          • 1994-08-24 (Wed, 24 Aug 94 04:30:28 PDT) - Actually using strong crypto on a routine basis. - jkreznar@ininx.com (John E. Kreznar)
            • 1994-08-25 (Wed, 24 Aug 94 18:55:56 PDT) - Re: Actually using strong crypto on a routine basis. - tcmay@netcom.com (Timothy C. May)
      • 1994-08-24 (Wed, 24 Aug 94 01:05:28 PDT) - Re: Zimmermann/NSA debate postponed - Dave Horsfall <dave@esi.COM.AU>
        • 1994-08-24 (Wed, 24 Aug 94 01:37:38 PDT) - PGP use - tcmay@netcom.com (Timothy C. May)
          • 1994-08-24 (Wed, 24 Aug 94 16:58:40 PDT) - Re: PGP use - Rick Busdiecker <rfb@lehman.com>
        • 1994-08-24 (Wed, 24 Aug 94 06:37:35 PDT) - Re: Zimmermann/NSA debate postponed - “Perry E. Metzger” <perry@imsi.com>
      • 1994-08-28 (Sun, 28 Aug 94 01:15:45 PDT) - Re: Zimmermann/NSA debate postponed - Carl Ellison <cme@tis.com>
        • 1994-08-28 (Sun, 28 Aug 94 10:24:43 PDT) - Re: Zimmermann/NSA debate postponed - alex <cp@omaha.com>
          • 1994-08-29 (Mon, 29 Aug 94 00:16:00 PDT) - Zimmermann/NSA debate postponed - hughes@ah.com (Eric Hughes)