From: fc@all.net (Dr. Frederick B. Cohen)
Date: Tue, 1 Aug 95 14:03:18 PDT
To: marc@cam.ov.com (Marc Horowitz)
Subject: Re: What do I use?
In-Reply-To: <199508012037.QAA18078@dun-dun-noodles.cam.ov.com>
Message-ID: <9508012054.AA17294@all.net>
MIME-Version: 1.0
Content-Type: text


> >> I never recommend a solution without knowing a fair amount about the
> >> specific challenge it is supposed to address.  I typically start with
> >> an understanding of the general environment, the financial and/or
> >> human issues, the threat profile, the protection environment, the
> >> other dependencies and protection factors, and other factors related
> >> to the reasons for protection.  Once I have this understanding, I make
> >> value judgements about how much I trust things relative to the
> >> requirement for trust and other limitations presented by the
> >> situation.
> 
> Ok.  IMHO, that's a perfectly valid position.  Under what
> circumstances do you consider pgp to be a suitable tool?  Do you think
> there is a better tool under similar circumstances?

That's a tough one.  I generally follow the supreme court's view of not
handling hypotheticals, but I will give you some ideas about my view. 

I think that PGP is almost always suitable for casual conversation that
is to be kept from casual snooping.  Without specifically recommending
its use in any particular situation, I generally think that it is
suitable for select applications where:

	- The threat profile does not include well-funded professional
	cryptanalysts, police agencies, governments, serious financial
	rivals, criminals, or other high-grade threats. 

	- The implications of corruption, non-delivery, repudiation,
	or traffic analysis are not extremely important.

	- The implications of leakage isn't financially or otherwise
	catastrophic. 

	- No lives are at stake.

	- My reputation doesn't depend on it. 

I think that PGP is an excellent tool in many ways, however, I have
numerous difficulties with the lack of adequate interface to it in other
packages.  I am not really keen on its keyring concepts and other
similar things, but that's not a real issue in this frame of reference. 

I have serious concerns about the fact that use of this system does not
prohibit people who are not knowledgeable about the limitations of
public key cryptography from using it in ways that may result in the
revelation or weakening of private keys or other similar potential
problems.  For that reason, I would not advise the use of PGP for any
non-casual application outside of the context of a comprehensive
information protection program designed to provide assurance of its
proper generation, configuration, installation, application, and use.

There are almost certainly other concerns that I would express in an
evaluation for any particular purpose.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236