From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Mon, 11 Nov 1996 11:45:52 -0800 (PST)
To: "'Dale Thorn'" <dthorn@gte.net>
Subject: RE: Apology to Dale Thorn
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961111194442Z-2433@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn writes (in part):

>I'm tending to think that, instead of using PGP for all encoding (even
>though it may have multiple facilities for all situations), a message
>could be encrypted with a good trusted private-key system or whatever,
>then the private key encrypted with the Public Key software and sent
>either separately or with the message.

But you've described exactly what PGP does.  It encrypts the message
with a "good, trusted private-key system" -- IDEA, which has undergone
significant peer review, has a long-enough key (128 bits), and has
exhibited no significant weaknesses or shortcuts to brute force (which
is impossible, given the key length).  It then encrypts the IDEA session
key that was used with the recipient's public key, and bundles the the
IDEA-encrypted message and the RSA-encrypted session key (and
optionally, a signed hash of the message) for delivery to the recipient.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================