From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 30 Nov 1995 00:08:09 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: key for Alice as promised (not)
Message-ID: <199511291558.KAA15623@homeport.org>
MIME-Version: 1.0
Content-Type: text


> > >Can you imagine??  I'm simply not willing to fool myself into thinking 
> > >that I ahve security by posting a key and using PGP.
> > 
> > Unless you can post some proof that PGP is insecure, stop insisting it is.
> 
> PGP is really not the issue.  The issue is more my security and the
> environment that I use PGP in.  I don't have a trusted machine to run PGP
> on.  Anyone who wants to can come up to machine and copy my secret keyring
> or they can even watch me typing my password in. 

	Threat, please??  Do people often stand over your shoulder as
you type?  Enter your office, point guns at you, and take a backup of
your entire computer?  Have you considered putting the secret keyring
on a floppy and locking it in your desk/safe when you're not actually
in the office? (Or home..)

> So, I don't fool myself, and I don't use PGP, except for things like
> exchanging a one-time pad with someone when I've already sent the message
> out across another delivery mechanism, like on a floppy delivered my
> courier. 

	I don't follow.  You're claiming that PGP is good enough to
transfer OTPads, but not good enough to sign pseudononymous messages?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume