[81779] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Impact of Netscape kernel hole

daemon@ATHENA.MIT.EDU (John Young)
Fri Jun 13 22:08:42 1997

Date: Fri, 13 Jun 1997 20:44:20 -0400
To: cypherpunks@toad.com
From: John Young <jya@pipeline.com>
Cc: tomw@netscape.com
Reply-To: John Young <jya@pipeline.com>

Huge Cajones wrote:

>Tim's post (although refuted by Marc) raises some serious issues since I
>suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp


Isn't it widely known that the secret key is not to be stored in the box, as the
PGP manual and security pubs emphasize?

Still, it would be good to know if a Netscape snooper could snarf a key while 
it is being used by PGP to decrypt, that is, whether the hole allows snooping
on dynamic ops or just on stored info.

Does anyone know if the the hole finders are discussing this on the Net, and
if so, where? What are the folks at Netscape saying? Tom, Jeff?


home help back first fref pref prev next nref lref last post