[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: your mail



> Although I'm still uncomfortable about the non-crypto user key, there is
> a simple solution to the problem of executable/data transmission:
> 
> Send it as Perl, Postscript, Tcl, whatever.

You are assuming that I (I being every possible recipient) have PERL
available!  While in my particular case this is probably not a bad
assumption, it is a horrible assumption in the long-run.  What about
people with their 20M IBM PC-XT DOS machines?  They probably don't
have PERL.  And I *know* that most Mac users do not have PERL.

I'm not saying that PERL would be a bad thing to use.  You could also
theoretically use sh and cc!  But the problem is you have to assume
that *every* user has these available, and that is a bad assumption.
If you are going to assume that, you might as well assume that they
have PGP and save all the trouble!  Why not just assume they have PGP
and generate a file which will execute PGP on itself?  That solves the
problem, and is secure. (Well, it doesn't solve the problem of a user
running a random exacutable sent in the mail).

BTW: I must apologize for interchanging "binary" for "exacutable"...
I tend to do it a lot, and in the context I confused the topic.  When
I said that the problem was sending a binary for every machine, I
meant the problem was creating something that could execute on every
machine.  While PERL is a compromise, it is definitely not the panacea
to this problem.  Do you want to target certain architechtures?  I
hope not.

Just use PGP.  Remember, PERL is the wrong solution to every problem. ;-)

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
         PGP key available from [email protected]
            [email protected]       PP-ASEL        N1NWH