From: shamrock@netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 18:36:16 +0800
To: Ed Carp <bplib@wat.hookup.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d23ad509400084e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:24 2/20/96, Ed Carp wrote:
>On Wed, 21 Feb 1996, Tim Philp wrote:
>
>>       The issue that I have not seen you address is one that has been
>> brought up by several posters to this thread. This issue has to do with
>> the fact that if you generate all of the keys (or whatever) what is to
>> stop someone from offering one of your employees a LARGE bribe to cough up
>> the keys?
>
>Not to mention GAK.  No bribe needed - just a "suit" showing up with what

The threat is mote. IPG generates the keys. Therefore, their system is
insecure from the user's point of view. This is just about as fundamental
of a security flaw as you are ever going to find. Let's not waste our time
on IPG (what a misnomer) any longer.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.