1996-03-02 - Re: PGP to PC mail integration

Header Data

From: willer@carolian.com (Steve Willer)
To: cypherpunks@toad.com
Message Hash: 590362493fcb70dec4e37b7cc9fb8fc132a2f52c8b76cf17925069dd384840b6
Message ID: <31374977.245533825@saturn>
Reply To: <01I1SHIHFEBKAKTPB8@mbcl.rutgers.edu>
UTC Datetime: 1996-03-02 00:35:29 UTC
Raw Date: Sat, 2 Mar 1996 08:35:29 +0800

Raw message

From: willer@carolian.com (Steve Willer)
Date: Sat, 2 Mar 1996 08:35:29 +0800
To: cypherpunks@toad.com
Subject: Re: PGP to PC mail integration
In-Reply-To: <01I1SHIHFEBKAKTPB8@mbcl.rutgers.edu>
Message-ID: <31374977.245533825@saturn>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Feb 1996 15:50 EDT, you wrote:

>	You'd put something into the mail message itself that would tell it
>"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put in
>messages to be signed and/or encrypted your passphrase, or have it gotten some
>other way... which doesn't look very safe.

Not very user-friendly either.

>An attacker could still potentially slip
>something in between the mail program and the proxy program, though - the same
>problem as with the passphrase in the message. 

Usually the proxy would be on the same machine as the mail program (i.e. "your
machine"). That would mean the "attack proxy" would have to be installed on the
user's PC, and if someone has that kind of access to your machine, their secret
keyring is vulnerable anyway.






Thread