From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Thu, 19 Jun 1997 01:33:02 +0800
To: Alan <alano@teleport.com>
Subject: Re: Impact of Netscape kernel hole (fwd)
In-Reply-To: <Pine.GSO.3.96.970617151502.27880A-100000@linda.teleport.com>
Message-ID: <Pine.LNX.3.91.970618120447.360B-100000@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain





> All the perp has to do, once the secring.pgp is obtained is "pgp -kvv
> secring.pgp" and he now knows that Joe Cypherpunk and Secret Nym are the
> same person.

Another reason for keeping physical security over keys, nym keys, if it 
is important enough that the nym stays unidentifiable, should be kept on 
a different secring.pgp, which should be kept physically secure on a disk 
and encrypted using some other key than your own real-name secret key 
(this is just a measure to prevent breaking one key revealing the nym). 

        Datacomms Technologies data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: FC76DA85
     "Don`t forget to mount a scratch monkey"