From: mccoy@ccwf.cc.utexas.edu (Jim McCoy)
Date: Wed, 7 Apr 93 09:25:24 PDT
To: fergp@sytex.com (Paul Ferguson)
Subject: Re: Smaller is better.
In-Reply-To: <mmmL2B1w165w@sytex.com>
Message-ID: <9304071625.AA25481@flubber.cc.utexas.edu>
MIME-Version: 1.0
Content-Type: text


fergp@sytex.com (Paul Ferguson) writes:
> 
> On Mon, 05 Apr 93 12:36:09 PST,
>  Jonathan Stigelman <uunet!transam.ece.cmu.edu!stig> writes -
>  
> JS> [pgp on multi-user systesm stuff]
>  
>  I think that you guys are missing the point here. IMHO, if you wish
>  maximum assurance of security, than I'd suggest not trying to run
>  programs such as PGP on a multi-user system to begin with! What's
>  wrong with using a PC for this? It offfers a maximum convenience,
>  single-user secure system quite unlike the security problems
>  associated with your university's mainframe.

Some people either do not have the option, or need the convenience of a
multi-user system.  My PC is sitting at home with a toasted modem (waiting
for a Paradyne to arrive... :) and even when it is running fine I spend
8-12 hours a day working on multi-user systems with connectivity that is
light-years beyond what my PC has.  If I want to send out am email message
and do not want to spend an hour walking home, encrypting it, walking back,
and then transferring the file and sending it I will use my copy of PGP on
a multi-user machine.  I have a different key that I use (my key on a
server) for this type of communication and accept and understand the
consequences of using PGP in this manner.

As long as the user knows the weaknesses of the system they are using they
should make thier own choices regarding how to use PGP.  You may consider
your PC at home to be completely safe and secure, but unless you recognize
the weaknesses of that particular setup you are not reaching the "maximum
assurance of security" that you claim.

jim