[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP use



    From: "Timothy C. May" <[email protected]>
    Date: Wed, 24 Aug 1994 01:37:39 -0700 (PDT)
    
    What is being missed here is the issue of where the PGP operations are
    being done. If done on a machine outside the direct control of the
    user, obvious security holes exist.

I don't suppose that you'd care to describe a situation with
absolutely no security holes, would you?

If not, can we conclude that any attempt to do anything related to
security is, in your opinion, silly?

What's wrong with the following approach:
 - Try to control what you can control.
 - Try to recognize what you cannot control.
 - Try to reduce the second set in favor of the first.

Using PGP on Unix systems where you are not root *does* have a place
in this framework.

			Rick