1993-04-06 - Re: PGP help and comments.

Header Data

From: karn@qualcomm.com (Phil Karn)
To: mdiehl@triton.unm.edu (J. Michael Diehl)
Message Hash: b83b6e3eebd9225fe9d113d922c9e3da358d771a9ba689a0faecd4eb2245205d
Message ID: <9304062339.AA22656@servo>
Reply To: N/A
UTC Datetime: 1993-04-06 23:39:24 UTC
Raw Date: Tue, 6 Apr 93 16:39:24 PDT

Raw message

From: karn@qualcomm.com (Phil Karn)
Date: Tue, 6 Apr 93 16:39:24 PDT
To: mdiehl@triton.unm.edu (J. Michael Diehl)
Subject: Re: PGP help and comments.
Message-ID: <9304062339.AA22656@servo>
MIME-Version: 1.0
Content-Type: text/plain


At 01:58 AM 4/4/93, Jim McCoy wrote:
>J. Michael Diehl <mdiehl@triton.unm.edu> writes:
>> 
>> I would like to use pgp on the mainframes, but don't want to store my secret
>> key on their disks.
>This is even more dangerous than storing it on the disks of a multi-user
>machine.

I agree 100%. Security packages like PGP are meaningful only when you
have your own personal machine to run it on. Indeed, it would be nice if
PGP could somehow tell when it is being run over a network, and severely
warn the user when he is about to type something secret (like a passphrase).
I don't know of any clean way to do it, though.

Phil





Thread