From: “David F. Ogren” <ogren@cris.com>
To: cypherpunks@toad.com
Message Hash: fa21377921ed06936abd6e2e42453edbdd2a29b641cdf48433e6eb8bf2d5fe4a
Message ID: <199607032012.QAA13633@darius.cris.com>
Reply To: N/A
UTC Datetime: 1996-07-03 23:58:05 UTC
Raw Date: Thu, 4 Jul 1996 07:58:05 +0800
From: "David F. Ogren" <ogren@cris.com>
Date: Thu, 4 Jul 1996 07:58:05 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607032012.QAA13633@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
To: cypherpunks@toad.com
Date: Wed Jul 03 16:09:34 1996
> At 09:42 PM 7/2/96 EDT, Derek Atkins <warlord@MIT.EDU> wrote:
>
> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.
> :
> :-derek
>
> Why, in heaven's name, would you have to "type your passphrase over the
> net" to encypher a message?
>
Lots of people still deal with the Internet remotely, despite the
profileration of SLIP/PPP accounts. To see the the difference consider the
following two scenarios:
1. Alice connects to the Internet via a PPP account. She downloads all of
her mail to Exchange (on her local computer), from which she can
encrypt/decrypt et cetera. All encryption is done locally and securely.
2. Bob connects to the Internet via a "shell" account. All processing is
done by his ISP's unix machine. He reads his mail on the mail reader
provided by unix machine. He has two choices:
2A. Install PGP on the ISP's unix machine and use it to encrypt/decrypt
messages. This is relatively easy, but also insecure. The ISP's
administration has access to his secret keyring, and his password must be
sent over the modem line to the ISP before it used. Thus he is "typing his
passphrase over the net".
2B. He can download the mail to his local machine manually. Manually
encrypt/decrypt the mail there and then upload it (again manually) to the
host computer to be sent. This is secure, but it's also a pain in the
butt.
David F. Ogren |
ogren@concentric.net | "A man without religion is like a fish
PGP Key ID: 0x6458EB29 | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is? | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2..6.2
iQEVAwUBMdrTf+SLhCBkWOspAQGLHgf+LEQRFzRl5vdWoGDI8TKhyfHHjBbCszHV
Fshtoa2h3vj+GcqGhh3IBTBwynZWlrQTHZeON41XMcl7ZxUqb9yd3C0qxaBE56Yk
Bf1b9KVa+z7GWue3EVbcuOP2wNBQjUKC0FZLjwHGxiLH1+sZ2HvTGzBSLeHWoMFq
oYyxLR6RZMbMy/2lKWJDIaz9CB4X8p5TPqvHQqoOIAhM6cmJkJc6VlPdW4bQgWWi
unzKcaMf9WuHH3crZMNAeGsnq2PkzYlDCTQNsESHIBtlw0+Z8gjmGaqnI2ouG1gh
b0ozEOOvgo+jrLF1+uXy92UJzdOFeNq4kXjbqxa9QQ7FidtDYpskkw==
=B5gF
-----END PGP SIGNATURE-----
Return to July 1996
Return to “Rich Graves <llurch@networking.stanford.edu>”