[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keyed-MD5, ITAR, and HTTP-NG


On Mon, 30 Oct 1995, Rich Graves wrote:

> On Mon, 30 Oct 1995, Doug Hughes wrote:
> I would think that you would worry more about your users getting a false
> sense of security from storing secret keys on a large multiuser system
> than about being held liable for naughty PGP-encrypted traffic. I don't 
> see how you could be held liable anyway. How is PGP that much different 
> from allowing your users to set a password on their account? It makes it 
> harder for root to invade their privacy, but in general, we have very 
> stringent requirements that must be satisfied before we'll read user 
> directories or mail.

  As a student I am concerned with the false security, and that was 
mentioned while we were talking (today).  As to liability, it is 
important that no one can come back and hold the school liable.  Once the 
messages can be encrypted then it is harder to read the messages, but not 
impossible, unless the students keep the key on a disk, and just ftp it 
into the account everytime.  The fact is that that won't be the rule, so 
the admin can still read messages, but there will need to be clear-cut 
reasons for them to do that (IMOHO).  I am curious what requirements must 
be met.  I guess there are more schools that allow this than I expected 
<g>.  Well thanx for replying.  Take care and have fun.

James Black
[email protected]