From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Sun, 4 Apr 93 19:06:26 PDT
To: szabo@techbook.com (Nick Szabo)
Subject: Re: PGP help and comments.
In-Reply-To: <m0nfZem-0006WuC@techbook.techbook.com>
Message-ID: <9304050206.AA13467@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


> [lost attributions, sorry]
So did I! ;^)

> >> I could do an ascii upload of my secret key and never expose my
> >> key to disk-storage.
> > This is even more dangerous than storing it on the disks of a multi-user
> > machine.  Unless you are running in a kerberos environment it is trivial to
> > snoop your upload off the network...
> I don't find the risk of a real-time snoop to be as bad as the risk
> of a future snoop finding my private key alongside encrypted files that 
> have been stored forever (backups).

I am the writer of the original post, and I quite agree with the responce that
said that this was a bad idea.  The whole point in being secure, is being as
secure as possible.

> To mitigate either problem, how about having two layers of encryption: a 
> private key to decrypt files for reading on a public machine, and a second
> public/private pair to reencrypt the files for storage and 
> transmission to the home machine.  The public machine knows 
> the first private key (if snooped) and the second public key; only the 
> home machine knows the second private key.  Snooping the first private 

You still have to store a secret key somewhere.  And to do that, you must trust
your system administrater.....

> key compromises only unread and future messages until the key is 
> changed.  Messages archived in the reencrypted state are secure, but
> messages archived in the unread state with the first private key are 
> still compromised forever.  Is backing up mail directories a common 
> practice?  Are there (probably system-dependent) ways to avoid backups,
> such as anticipating or detecting when backups are about to occur,
> hidden directories, file permissions, etc?
> 
> Also, this system introduces some user hostility, in that 
> reencrypted files cannot be read again until moved to the 
> home machine.  

It was suggested that I keep my public keyring on the mainframe and use it to
read mail.  When I want to send mail, I encrypt it at home and upload it into
my mailer.  This is what I do now.  I forgot who you were, but you gave me a 
good idea.  Thanx.

> Another idea is to implement the relevant features of Kerberos in
> a high-level client/server package that can be used to secure personal 
> network communications of this kind.  The package could be distributed 
> with PGP.  

What are these features?  I don't know what kerberos is.


+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) |  I thought I was wrong once.  But, I was mistaken. |
|                      +----------------------------------------------------+
| mdiehl@triton.unm.edu| "I'm just looking for the opportunity to be        |
| Thunder@forum        |            Politically Incorrect!                  |
| (505) 299-2282       |                        <me>                        |
+----------------------+----------------------------------------------------+