From: cactus@bb.com (L. Todd Masco)
To: cypherpunks@toad.com
Message Hash: f23707e528aff8fbeffb9378d680dbc2c4beeca83929cff2476acb6fe36a2e8b
Message ID: <33f44u$8av@bb.com>
Reply To: <199408240630.XAA26030@netcom4.netcom.com>
UTC Datetime: 1994-08-24 09:29:54 UTC
Raw Date: Wed, 24 Aug 94 02:29:54 PDT
From: cactus@bb.com (L. Todd Masco)
Date: Wed, 24 Aug 94 02:29:54 PDT
To: cypherpunks@toad.com
Subject: Re: Using PGP on Insecure Machines
In-Reply-To: <199408240630.XAA26030@netcom4.netcom.com>
Message-ID: <33f44u$8av@bb.com>
MIME-Version: 1.0
Content-Type: text/plain
In article <199408240630.XAA26030@netcom4.netcom.com>,
Timothy C. May <tcmay@netcom.netcom.com> wrote:
>L. Todd Masco writes:
>> Well... Either that, or they have their own UNIX boxes (an increasing
>> trend in this world of Linux boxes...) or other personal machines
>> that run an MTA and emacs.
>
>Precisely! In fact, I think I cited the Linux phenomenon just a day or
>so ago...(in a mention of cheap Pentium boxes). When many more
>locally-controlled boxes are on the Net, conveniently, then things
>should start to really get going.
>
>Until the "Internet-in-a-box" or TIA-type products are more
>widespread, many people will be connecting home or office machines to
>other systems they don't control.
Actually, I expected to get jumped on in a major way for saying that.
Linux boxes run X11, with all its security problems. Add to that the
increasing frequency of popularity of UNIX and UNIX-alikes, with all
their security problems, and you get a picture that's terrifyingly
cyberpunk.
I can just picture in three years: Job Bob Public sitting at his Linux
box, connected by TC/IPng over the local cable IP provider -- scared
by a mailing he's recently gotten from the Oregon Driver's Privacy
Initiative with information of where his daughter had his lojack-ng
equipped car was three days ago when she was supposed to be at football
practice -- decides to set up Microsoft PGP 5.7us on his machine (and
to wire up the optional personal lojack-ng tracking feature, of
course -- brought to you by AT&T).
He writes a message that he believes secure -- Of course, he's got his X11R8
server xhost +'d, so that his friend Suzy EveryCheese can send windows
to him (she's much too smart to allows other clients to attach to *her*
server). He types his passphrase in and his son, Bubba Public, snarfs
it from his PC-SeptiumJr. It never hurts to be able to see what the
Old Man might be writing.
Of course, the entire thing falls apart when the Morris Worm Mk 3 chomps
down through the least-secure encryption methods specified in IPng's
security specs (they salvaged the old AFS "xor 'flamingo'"
"optimization"), but that's another matter.
The point? I'm actually not very sure... but it has something to do with
there never being an easy way to be secure, especially for the plug-n-
players. It also has to do with the way things are going to be extremely
unstable when everybody is networked on machines with an OS and windowing
environment that evolved to play XTrek efficiently and to support Xeyes
with motif.
Knowledge and/or effort -- not to mention a good dose of paranoia -- are de
riguer, and I doubt that we'll see anything different in the near future
(even if technically possible: the rise of MS Windows and UNIX/X11 have
me pretty down on the economics of quality these days).
>It reeks of fanaticism.
Fanaticism's fine. It's clueless, dogmatic fanaticism that's a problem.
--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus@bb.com | grammatically correct sentence. Now...
Return to August 1994
Return to “tcmay@netcom.com (Timothy C. May)”