[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP's "only for your eyes"

To: [email protected] (Chris McAuliffe)
Subject: Re: PGP's "only for your eyes"
From: David Mazieres <[email protected]>
Date: Fri, 9 Feb 1996 00:32:06 -0500
Cc: [email protected]
In-Reply-To: [email protected]'s message of Tue, 6 Feb 1996 15:36:13 -0800(PST)
References: <[email protected]>
Sender: [email protected]

In article <[email protected]> [email protected] (Chris McAuliffe) writes:

> 	Maybe some of you already know about this.
> 
> 	Whe reading PGP's "Only for your eyes" messages, the program
> 	creates a temporary file containing the plaintext in the
> 	directory where the cyphertext file is.
> 
> 	So, don't worry about this option, it's quite useless.
> 
> The manual points out that you shouldn't rely on it. Its main purpose is
> simply to prevent accidentally or automatically leaving the plaintext
> lying around, not to actually securely guarantee that behaviour. After
> all, you could always cut-and-paste the text, or (since you have the PGP
> source) alter PGP to ignore the flag.

I've gotten burned by this because it created a temp file over NFS.
If I'd been able to read the message with my mail reader "pgp -f", I
would not have disclosed the information.  The for your eyes only
option is more than useless, it's dangerous.

> The real problem is not what it does, but what people *think* it might
> do.
> 
> I take that back. When I check the manual, it doesn't say that it is
> insecure. It really ought to. At least one of the books about PGP does
> though, I know I've read it somewhere other than email.

David

References:
- Re: PGP's "only for your eyes"
  - From: [email protected] (Chris McAuliffe)

Prev by Date: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Next by Date: Re: Need a "warning" graphic of some kind for CDA
Prev by thread: Re: PGP's "only for your eyes"
Next by thread: Hey, we are quaint! (Was: A Sign of the Future)
Index(es):
- Date
- Thread