From: ahupp@primenet.com (Adam Hupp)
Date: Fri, 1 Dec 1995 15:32:58 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: key for Alice as promised (not)
Message-ID: <199512010334.UAA07818@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Tue, 28 Nov 1995, Adam Hupp wrote:
>
>> >Can you imagine??  I'm simply not willing to fool myself into thinking 
>> >that I ahve security by posting a key and using PGP.
>> 
>> Unless you can post some proof that PGP is insecure, stop insisting it is.
>
>Hold on a minute.  Alice is, here, 100% correct.
>
>If I use PGP to read messages and there's a videocamera trained on the 
>keyboard, and other people have access to the machine, PGP is not 
>secure.  Similarly, if PGP is on a computer which other people may use 
>without my supervision, they can  monitor keystrokes, etc. and PGP is not 
>secure.
>
>A chain is only as strong as its weakest link; Alice recognizes this, and 
>makes no claim that PGP itself is the weak link.  The weak link is the 
>physical security of the system which Alice claims to use.
>
>Jon
>------------------------------------------------------------------------------
>Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
>          Visit my home page at http://www.goucher.edu/~jlasser/
>  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
>
>

I guess I missed Alice's point, but I gave it more thought and Alice is
still wrong:

1) If someone DID monitor Alice, that almost defanitly means the remailer
chain was compromised. The weakest link here is the remailer chain, not
Alice's computer's physical security.*  If Alice's true address is not
known, there cannot be any monitoring of his/her computer (unless it for
some other reason than "Alice").

2) This whole deal is about Alice signing his/her messages, not encrypting
them.  What Alice would be giving up if his/her computer were compromised
would not be security, but identity. The most Alice could lose, IF the
remailer chain were compromised and IF his/her computer's physical security
were compromised is his/her's reputation by spoofing (loss of
pseudo-anonaminity is a given if the attacker gets that far).  Those are
some really big Ifs.

*BTW, the chain is NOT as strong as it's weakest link.  If I send mail to a
remailer, and it strips the headers like it's supposed to, but sends the
mail to a compromised remailer (the weak link), I am just as secure as before. 

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQBtAzCNppQAAAEDALhWZl7IuGZ9zZT5bACo0b/1L0Nv0C72vKHIO3IHh+cwpHHa
2Ozb9aeO0UvXGwkkZIYgUm0EvmzKh7yb1GTLvBp5kXpR3I9w+Yj4LGlBDERpUWw6
x4ED49pwDnz1Hl5FBQAFEbQYYXNoIDxhaHVwcEBwcmltZW5ldC5jb20+
=PtJK
-----END PGP PUBLIC KEY BLOCK-----