1996-07-03 - Re: Lack of PGP signatures

Header Data

From: “David F. Ogren” <ogren@cris.com>
To: cypherpunks@toad.com
Message Hash: fa21377921ed06936abd6e2e42453edbdd2a29b641cdf48433e6eb8bf2d5fe4a
Message ID: <199607032012.QAA13633@darius.cris.com>
Reply To: N/A
UTC Datetime: 1996-07-03 23:58:05 UTC
Raw Date: Thu, 4 Jul 1996 07:58:05 +0800

Raw message

From: "David F. Ogren" <ogren@cris.com>
Date: Thu, 4 Jul 1996 07:58:05 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607032012.QAA13633@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Jul 03 16:09:34 1996
> At 09:42 PM 7/2/96 EDT, Derek Atkins <warlord@MIT.EDU> wrote:
> 
> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.
> :
> :-derek
> 
> Why, in heaven's name, would you have to "type your passphrase over the
>  net" to encypher a message?
> 

Lots of people still deal with the Internet remotely, despite the 
profileration of SLIP/PPP accounts.  To see the the difference consider the 
following two scenarios:

1. Alice connects to the Internet via a PPP account.  She downloads all of 
her mail to Exchange (on her local computer), from which she can 
encrypt/decrypt et cetera.  All encryption is done locally and securely.

2. Bob connects to the Internet via a "shell" account.  All processing is 
done by his ISP's unix machine.  He reads his mail on the mail reader 
provided by unix machine.  He has two choices:

2A. Install PGP on the ISP's unix machine and use it to encrypt/decrypt 
messages.  This is relatively easy, but also insecure.  The ISP's 
administration has access to his secret keyring, and his password must be 
sent over the modem line to the ISP before it used.  Thus he is "typing his 
passphrase over the net".

2B. He can download the mail to his local machine manually.  Manually 
encrypt/decrypt the mail there and then upload it (again manually) to the 
host computer to be sent.  This is secure, but it's also a pain in the 
butt.

David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2..6.2

iQEVAwUBMdrTf+SLhCBkWOspAQGLHgf+LEQRFzRl5vdWoGDI8TKhyfHHjBbCszHV
Fshtoa2h3vj+GcqGhh3IBTBwynZWlrQTHZeON41XMcl7ZxUqb9yd3C0qxaBE56Yk
Bf1b9KVa+z7GWue3EVbcuOP2wNBQjUKC0FZLjwHGxiLH1+sZ2HvTGzBSLeHWoMFq
oYyxLR6RZMbMy/2lKWJDIaz9CB4X8p5TPqvHQqoOIAhM6cmJkJc6VlPdW4bQgWWi
unzKcaMf9WuHH3crZMNAeGsnq2PkzYlDCTQNsESHIBtlw0+Z8gjmGaqnI2ouG1gh
b0ozEOOvgo+jrLF1+uXy92UJzdOFeNq4kXjbqxa9QQ7FidtDYpskkw==
=B5gF
-----END PGP SIGNATURE-----






Thread