1994-08-24 - Re: Zimmermann/NSA debate postponed

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: rfb@lehman.com
Message Hash: 9b83790f85bc28ff65cd3023a9324b014453c7117ff05b1fb0fc7fa6092c63c3
Message ID: <199408240440.VAA06740@netcom4.netcom.com>
Reply To: <9408240400.AA18251@fnord.lehman.com>
UTC Datetime: 1994-08-24 04:41:28 UTC
Raw Date: Tue, 23 Aug 94 21:41:28 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Tue, 23 Aug 94 21:41:28 PDT
To: rfb@lehman.com
Subject: Re: Zimmermann/NSA debate postponed
In-Reply-To: <9408240400.AA18251@fnord.lehman.com>
Message-ID: <199408240440.VAA06740@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

> It may very well be that he only signs messages to `public' forums or
> that he only signs things when he considers the message to be more
> important than normal, however, the majority of the messages that he
> has sent out to cypherpunks, alt.security.pgp, etc. in, say, the last

I don't think this is the case. Most PRZ messages I've seen have been
unsigned; only the recent ones on the PGP 2.6 business have been signed.

I use MacPGP on my home Mac...I don't trust Netcom or any other system
outside my direct control for this. I figure if it's worth signing,
it's worth signing with a secure key, not just a "casual grade" key
(this is the term used by Jay P.P. and others for crypto on unsecured
machines...this involves having more than one public key, etc.).

(This is the main answer to Ed Carp's suggestion about PGP in elm.)

> Hmmmm.  FWIW, it typically requires two keystrokes for me to do any of
> the half dozen PGP operations that I do most often.  I've heard of at
> least three other emacs-based interfaces for simplifying PGP
> interaction and there seem to be quite a few other `helper' packages
> around for other email environments.

See above. I'm not interested in the various elm and emacs PGP
packages. Any sysop can not only obtain your secret key, stored on his
system, but he can also capture your passphrase as you feed it to the
PGP program (assuming you do...many people automate this part as

Since this sysop or one of his cronies can then compromise your mail,
sign messages and contract as "you," I consider this totally
unacceptable. Others apparently don't.

> regardless of the content.  In any case, I find it quite disappointing
> to hear that one of the cypherpunks founders frowns on people actually
> using strong crypto on a routine basis.  Sigh...


--Tim May

Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."