1993-04-07 - Re: Smaller is better.

Header Data

From: J. Michael Diehl <mdiehl@triton.unm.edu>
To: fergp@sytex.com (Paul Ferguson)
Message Hash: 222298d1e6b7a5d8d937c6c8b663d0fbd914b64d8469fda7688d3ba657d41941
Message ID: <9304070327.AA23357@triton.unm.edu>
Reply To: <mmmL2B1w165w@sytex.com>
UTC Datetime: 1993-04-07 03:28:44 UTC
Raw Date: Tue, 6 Apr 93 20:28:44 PDT

Raw message

From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Tue, 6 Apr 93 20:28:44 PDT
To: fergp@sytex.com (Paul Ferguson)
Subject: Re: Smaller is better.
In-Reply-To: <mmmL2B1w165w@sytex.com>
Message-ID: <9304070327.AA23357@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain

Well, I guess I started this thread, so lets see if I can finish it... ;^)

> On Mon, 05 Apr 93 12:36:09 PST,
>  Jonathan Stigelman <uunet!transam.ece.cmu.edu!stig> writes -
> JS> Yeah....  So if your key can be snooped off the net, so can your
> JS> cleartext.  To decript online, then, is akin to using only weak
> JS> encription...which indicates only the desire for limited privacy.
> JS> But if even if you do decript online, you're still protected from
> JS> file snooping.

This is akin to using an umbrella with a hole in it and saying, "Well, at least 
my face doesn't get wet.  If you want to stay dry, you want to stay COMPLETELY

> JS> What's needed is PGP decription built into your terminal program.

Someone posted a program, link, that would encrypt modem communcations.  Would
you post an address for it.  I can't find where I put it.

>  I think that you guys are missing the point here. IMHO, if you wish
>  maximum assurance of security, than I'd suggest not trying to run
>  programs such as PGP on a multi-user system to begin with! What's
>  wrong with using a PC for this? It offfers a maximum convenience,
>  single-user secure system quite unlike the security problems
>  associated with your university's mainframe.

This is, IMHO, the best solution.  BTW, I have several telix scripts that make
it actually convenient, even at 1200 baud!  (gak!).  I would post them, but they
are trivial.  Thanx, Phantom, for the suggestion.  

What we need here is a "security package" that we distribute in an effort to 
make it easier to use secure practices.

>  The PC offers the communications availability and the flexibilty to
>  provide an extremely high level of privacy, if you know what you're
>  doing.

And many people don't...  I've taken a minor flame or two for asking for help 
with using pgp on this list.  The whole point of this list, IMHO, is to make
strong security practices as easy and as wide-spread as possible.  Correct me
if I'm wrong.

| J. Michael Diehl ;-) |  I thought I was wrong once.  But, I was mistaken. |
|                      +----------------------------------------------------+
| mdiehl@triton.unm.edu| "I'm just looking for the opportunity to be        |
| Thunder@forum        |            Politically Incorrect!                  |
| (505) 299-2282       |                        <me>                        |