1996-03-09 - Re: PGP to PC mail integration

Header Data

From: “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>
To: willer@carolian.com
Message Hash: 3760dae52ba73b904577a4f91373df6060ef8b22874ed8d3d13e362fdaafb489
Message ID: <01I23UGYZTP0AKTTTI@mbcl.rutgers.edu>
Reply To: N/A
UTC Datetime: 1996-03-09 05:12:24 UTC
Raw Date: Sat, 9 Mar 1996 13:12:24 +0800

Raw message

From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 13:12:24 +0800
To: willer@carolian.com
Subject: Re: PGP to PC mail integration
Message-ID: <01I23UGYZTP0AKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"willer@carolian.com"  1-MAR-1996 18:50:23.84

>I wrote:
>>	You'd put something into the mail message itself that would tell it
>>"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put in
>>messages to be signed and/or encrypted your passphrase, or have it gotten
>>some other way... which doesn't look very safe.

>Not very user-friendly either.

	That depends on one's standards. I prefer text-based interfaces, and
they are needed for many setups.

>Usually the proxy would be on the same machine as the mail program (i.e. "your
>machine"). That would mean the "attack proxy" would have to be installed on
>the user's PC, and if someone has that kind of access to your machine, their
>secret keyring is vulnerable anyway.

	Good point. This also argues against the passphrase into the mail
being that much of a problem... with the massive exception of something going
wrong with the mail proxy program so that it lets through the email, with the
passphrase and possibly without any encryption.
	However, as has been pointed out on other aspects of this, one could
have the passphrase entered once (in a special mail message with no valid
To: address, for instance) per session.
	-Allen





Thread