1994-08-24 - Re: Using PGP on Insecure Machines

Header Data

From: jamesh@netcom.com (James Hightower)
To: perry@imsi.com
Message Hash: 05510b4b0f467bfbf03093e74b7d64d4dae6c777241f0239f93ac93c995f2167
Message ID: <199408241742.KAA17319@netcom17.netcom.com>
Reply To: <9408241335.AA03303@snark.imsi.com>
UTC Datetime: 1994-08-24 17:42:16 UTC
Raw Date: Wed, 24 Aug 94 10:42:16 PDT

Raw message

From: jamesh@netcom.com (James Hightower)
Date: Wed, 24 Aug 94 10:42:16 PDT
To: perry@imsi.com
Subject: Re: Using PGP on Insecure Machines
In-Reply-To: <9408241335.AA03303@snark.imsi.com>
Message-ID: <199408241742.KAA17319@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

Tim sez:
> What is being missed here is the issue of where the PGP operations are
> being done. If done on a machine outside the direct control of the
> user, obvious security holes exist.

Perry sez:
> Also importantly, the user interfaces for PGP simply suck as it
> stands, making people like Tim uninterested in going through the
> rigamarole needed to use it on a day to day basis. The real revolution
> isn't going to come until people are able to use PGP and the rest both
> reasonably securely without it being especially noticable that they
> are doing so -- and that is a while off.

Which brings me to the question; "What ARE people using, and what are
they GOING to use?" Can anyone point me to a survey of the most used
ways for e-mail to get on the net, and what will be most used in the
future? The problem of insecure machines can be dealt with, but right
now I have only knowledge of the insecure machine I use for email, and
how I deal with it.

If no such surveys exist (which I find hard to believe) than I'll do
one myself.

Also, with this NII/SuperDuperHighway/Infobahn thing happening in the U.S.,
and the impending market war between Microsoft, Sega, Nintendo and
Scientific Atlanta to supply the Set Top Box that will give John Q. Consumer
his movies-on-demand and access to the SuperMall(TM) and, incidentally, his
E-mail capability, it might be a good thing to know in advance what J. Q.
Consumer will be using so that we can be there with strong, usable
crypto when he gets there.