[42917] in Cypherpunks
Re: using PGP only for digital signatures
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sun Nov 5 11:15:47 1995
To: James Black <black@eng.usf.edu>
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Sat, 04 Nov 1995 16:12:43 EST."
<Pine.SUN.3.91.951104155911.2413A-100000@fourier>
Reply-To: perry@piermont.com
Date: Sun, 05 Nov 1995 11:11:44 -0500
From: "Perry E. Metzger" <perry@piermont.com>
James Black writes:
> I am in a discussion (during the week) with a system administrator
> about seeing if we can just make PGP publically available to everyone,
> but now the discussion seems to be to just allow PGP to do digital
> signatures, and I don't think that is the best choice, then. They are
> not against PGP being used, but there are legal issues as to whether they
> can offer it to everyone, as some students are international students,
> and are not allowed to use the version for the US, or so I have been
> informed, so now I need to see if we can have the international version,
> so these students can use it. :(
Actually, nothing in the ITAR says foreigners can't USE the
U.S. version of PGP, just that you can't give them the software.
However, I think it is a bad idea to make PGP available on a multiuser
computer. It encourages a very, very bad habit -- that of using PGP on
a multiuser computer....
> What they are trying to do is make certain that no
> one can send a message to anyone, claim to be in the faculty, and cause
> problems that way.
But since you are using this software on a multiuser computer over
likely insecure lines, or, even worse, over an insecure LAN, all you
are going to do is make things even stickier when someone steals a key
and starts pretending to be some faculty member anyway.
Don't use public key software on untrusted hardware over insecure
links. Its a BAD BAD BAD thing.
Perry