[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key for Alice as promised (not)



>On Tue, 28 Nov 1995, Adam Hupp wrote:
>
>> >Can you imagine??  I'm simply not willing to fool myself into thinking 
>> >that I ahve security by posting a key and using PGP.
>> 
>> Unless you can post some proof that PGP is insecure, stop insisting it is.
>
>PGP is really not the issue.  The issue is more my security and the
>environment that I use PGP in.  I don't have a trusted machine to run PGP
>on.  Anyone who wants to can come up to machine and copy my secret keyring
>or they can even watch me typing my password in. 
>
>So, I don't fool myself, and I don't use PGP, except for things like
>exchanging a one-time pad with someone when I've already sent the message
>out across another delivery mechanism, like on a floppy delivered my
>courier. 
>
>Alice de 'nonymous ...

You're a bonehead.  On the one hand, you FAIL to stop or dramatically reduce
claimed spoofings of your notes by using PGP (which would almost certainly
work perfectly for this limited purpose) yet you claim that you'll only
trust PGP in a limited scenario of courier-delivered data!

Talk about "penny-wise and pound foolish"!  

Wake up, idiot!  The purpose of encryption and signing and such is to REDUCE
problems, ideally to zero but if not to some adequately small value.  To
fail to use signing when there is no ongoing problem is risky; to not use
signing when there is a  serious continuing problem is downright lunatic.
That sets up an irresolvable contradiction:  On the one hand, you're willing
to tolerate a continuing problem, yet on the other you claim that your
standards are so high that you won't use a system unless the probability of
security essentially precludes a loss of security.

Now can you see why we're laughing?