1996-02-07 - Re: PGP’s “only for your eyes”

Header Data

From: cmca@alpha.c2.org (Chris McAuliffe)
To: cypherpunks@toad.com
Message Hash: 378483ca026b1f0e753dfc41f61d2adbf4c874295cf2ef5078583a759899fea1
Message ID: <199602062336.PAA24566@infinity.c2.org>
Reply To: N/A
UTC Datetime: 1996-02-07 00:38:40 UTC
Raw Date: Wed, 7 Feb 1996 08:38:40 +0800

Raw message

From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 7 Feb 1996 08:38:40 +0800
To: cypherpunks@toad.com
Subject: Re: PGP's "only for your eyes"
Message-ID: <199602062336.PAA24566@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks@toad.com]
[Subject: Re: PGP's "only for your eyes"]

Usuario Acceso2 <acceso2@diatel.upm.es> wrote:
	Maybe some of you already know about this.

	When reading PGP's "Only for your eyes" messages, the program
	creates a temporary file containing the plaintext in the
	directory where the cyphertext file is.

	So, don't worry about this option, it's quite useless.

The manual points out that you shouldn't rely on it. Its main purpose is
simply to prevent accidentally or automatically leaving the plaintext
lying around, not to actually securely guarantee that behaviour. After
all, you could always cut-and-paste the text, or (since you have the PGP
source) alter PGP to ignore the flag.

The real problem is not what it does, but what people *think* it might
do.

I take that back. When I check the manual, it doesn't say that it is
insecure. It really ought to. At least one of the books about PGP does,
though; I know I've read it somewhere other than email.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMRfm+oHskC9sh/+lAQHgygQAs4gsA3DWORL06++EpiQahmDOj6JZJKaD
CTkljTcGA1WoY6LNEwGrEMBSs1NoaY6JT+KgxAeP/HOxTJDKwRkAdU+/psjMT9t6
rqERq6HerBKIBqUj/nOsbhnigA2U+e3gto9Fpvs5gld6oQvbyn3M56PWXrm9dbBX
N2KqJ8BcQTE=
=eRZ2
-----END PGP SIGNATURE-----




