1994-08-24 - Re: PGP use

Header Data

From: Rick Busdiecker <rfb@lehman.com>
To: “Timothy C. May” <tcmay@netcom.com>
Message Hash: 04214c5e509d8d7e721ee20a4f144c0b533c9733359d31035af22a5b7a236353
Message ID: <9408242350.AA12962@fnord.lehman.com>
Reply To: <199408240837.BAA25937@netcom14.netcom.com>
UTC Datetime: 1994-08-24 23:58:40 UTC
Raw Date: Wed, 24 Aug 94 16:58:40 PDT

Raw message

From: Rick Busdiecker <rfb@lehman.com>
Date: Wed, 24 Aug 94 16:58:40 PDT
To: "Timothy C. May" <tcmay@netcom.com>
Subject: Re: PGP use
In-Reply-To: <199408240837.BAA25937@netcom14.netcom.com>
Message-ID: <9408242350.AA12962@fnord.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain

    From: "Timothy C. May" <tcmay@netcom.com>
    Date: Wed, 24 Aug 1994 01:37:39 -0700 (PDT)
    What is being missed here is the issue of where the PGP operations are
    being done. If done on a machine outside the direct control of the
    user, obvious security holes exist.

I don't suppose that you'd care to describe a situation with
absolutely no security holes, would you?

If not, can we conclude that any attempt to do anything related to
security is, in your opinion, silly?

What's wrong with the following approach:
 - Try to control what you can control.
 - Try to recognize what you cannot control.
 - Try to reduce the second set in favor of the first.

Using PGP on Unix systems where you are not root *does* have a place
in this framework.