From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Thu, 30 Nov 1995 04:52:25 +0800
To: Adam Hupp <ahupp@primenet.com>
Subject: Re: key for Alice as promised (not)
In-Reply-To: <199511290315.UAA26439@usr4.primenet.com>
Message-ID: <Pine.SUN.3.91.951129143454.8834A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 28 Nov 1995, Adam Hupp wrote:

> >Can you imagine??  I'm simply not willing to fool myself into thinking 
> >that I ahve security by posting a key and using PGP.
> 
> Unless you can post some proof that PGP is insecure, stop insisting it is.

Hold on a minute.  Alice is, here, 100% correct.

If I use PGP to read messages and there's a videocamera trained on the 
keyboard, and other people have access to the machine, PGP is not 
secure.  Similarly, if PGP is on a computer which other people may use 
without my supervision, they can  monitor keystrokes, etc. and PGP is not 
secure.

A chain is only as strong as its weakest link; Alice recognizes this, and 
makes no claim that PGP itself is the weak link.  The weak link is the 
physical security of the system which Alice claims to use.

Jon
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.