1994-02-25 - Re: your mail

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: sdw@meaddata.com (Stephen Williams)
Message Hash: 3172a64989a400ce388b4dee5d7ac970b68ddc0caaf32548667ff9993fba17b7
Message ID: <9402252055.AA17995@toxicwaste.media.mit.edu>
Reply To: <9402251519.AA20453@jungle.meaddata.com>
UTC Datetime: 1994-02-25 20:56:04 UTC
Raw Date: Fri, 25 Feb 94 12:56:04 PST

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 25 Feb 94 12:56:04 PST
To: sdw@meaddata.com (Stephen Williams)
Subject: Re: your mail
In-Reply-To: <9402251519.AA20453@jungle.meaddata.com>
Message-ID: <9402252055.AA17995@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain

> Although I'm still uncomfortable about the non-crypto user key, there is
> a simple solution to the problem of executable/data transmission:
> Send it as Perl, Postscript, Tcl, whatever.

You are assuming that I (I being every possible recipient) have PERL
available!  While in my particular case this is probably not a bad
assumption, it is a horrible assumption in the long-run.  What about
people with their 20M IBM PC-XT DOS machines?  They probably don't
have PERL.  And I *know* that most Mac users do not have PERL.

I'm not saying that PERL would be a bad thing to use.  You could also
theoretically use sh and cc!  But the problem is you have to assume
that *every* user has these available, and that is a bad assumption.
If you are going to assume that, you might as well assume that they
have PGP and save all the trouble!  Why not just assume they have PGP
and generate a file which will execute PGP on itself?  That solves the
problem, and is secure. (Well, it doesn't solve the problem of a user
running a random exacutable sent in the mail).

BTW: I must apologize for interchanging "binary" for "exacutable"...
I tend to do it a lot, and in the context I confused the topic.  When
I said that the problem was sending a binary for every machine, I
meant the problem was creating something that could execute on every
machine.  While PERL is a compromise, it is definitely not the panacea
to this problem.  Do you want to target certain architechtures?  I
hope not.

Just use PGP.  Remember, PERL is the wrong solution to every problem. ;-)


         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
         PGP key available from pgp-public-keys@pgp.mit.edu
            warlord@MIT.EDU       PP-ASEL        N1NWH