From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Fri, 9 Feb 1996 13:50:29 +0800
To: cmca@alpha.c2.org (Chris McAuliffe)
Subject: Re: PGP's "only for your eyes"
In-Reply-To: <199602062336.PAA24566@infinity.c2.org>
Message-ID: <199602090532.AAA26688@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199602062336.PAA24566@infinity.c2.org> cmca@alpha.c2.org (Chris McAuliffe) writes:

> 	Maybe some of you already know about this.
> 
> 	Whe reading PGP's "Only for your eyes" messages, the program
> 	creates a temporary file containing the plaintext in the
> 	directory where the cyphertext file is.
> 
> 	So, don't worry about this option, it's quite useless.
> 
> The manual points out that you shouldn't rely on it. Its main purpose is
> simply to prevent accidentally or automatically leaving the plaintext
> lying around, not to actually securely guarantee that behaviour. After
> all, you could always cut-and-paste the text, or (since you have the PGP
> source) alter PGP to ignore the flag.

I've gotten burned by this because it created a temp file over NFS.
If I'd been able to read the message with my mail reader "pgp -f", I
would not have disclosed the information.  The for your eyes only
option is more than useless, it's dangerous.

> The real problem is not what it does, but what people *think* it might
> do.
> 
> I take that back. When I check the manual, it doesn't say that it is
> insecure. It really ought to. At least one of the books about PGP does
> though, I know I've read it somewhere other than email.

David