[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key for Alice as promised (not)

>On Tue, 28 Nov 1995, Adam Hupp wrote:
>> >Can you imagine??  I'm simply not willing to fool myself into thinking 
>> >that I ahve security by posting a key and using PGP.
>> Unless you can post some proof that PGP is insecure, stop insisting it is.
>Hold on a minute.  Alice is, here, 100% correct.
>If I use PGP to read messages and there's a videocamera trained on the 
>keyboard, and other people have access to the machine, PGP is not 
>secure.  Similarly, if PGP is on a computer which other people may use 
>without my supervision, they can  monitor keystrokes, etc. and PGP is not 
>A chain is only as strong as its weakest link; Alice recognizes this, and 
>makes no claim that PGP itself is the weak link.  The weak link is the 
>physical security of the system which Alice claims to use.
>Jon Lasser                <[email protected]>            (410)494-3072 
>          Visit my home page at http://www.goucher.edu/~jlasser/
>  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

I guess I missed Alice's point, but I gave it more thought and Alice is
still wrong:

1) If someone DID monitor Alice, that almost defanitly means the remailer
chain was compromised. The weakest link here is the remailer chain, not
Alice's computer's physical security.*  If Alice's true address is not
known, there cannot be any monitoring of his/her computer (unless it for
some other reason than "Alice").

2) This whole deal is about Alice signing his/her messages, not encrypting
them.  What Alice would be giving up if his/her computer were compromised
would not be security, but identity. The most Alice could lose, IF the
remailer chain were compromised and IF his/her computer's physical security
were compromised is his/her's reputation by spoofing (loss of
pseudo-anonaminity is a given if the attacker gets that far).  Those are
some really big Ifs.

*BTW, the chain is NOT as strong as it's weakest link.  If I send mail to a
remailer, and it strips the headers like it's supposed to, but sends the
mail to a compromised remailer (the weak link), I am just as secure as before. 

Version: 2.6