Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Dave Del Torto
At 11:14 pm -0400 2000-09-01, Russell Nelson wrote: Ed Gerck writes: Even though the web-of-trust seems to be a pretty good part of PGP, IMO it is actually its Achilles heel. Nope. Usability is its Achilles heel. PGP needs to be wrapped in something, and yet it's not really designed to be

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Arnold G. Reinhold
At 3:48 PM -0700 9/1/2000, David Honig wrote: At 09:34 AM 8/30/00 -0700, Ed Gerck wrote: BTW, many lawyers like to use PGP and it is a good usage niche. Here, in the North Bay Area of SF, PGP is not uncommon in such small-group business users. How do they exchange public keys? Via email I'll

Re: Secrets Lies, a comment

2000-09-05 Thread amir . herzberg
Ed says, The solution is to use a multifold of links, arranged in time and space such that rather than making the impossible assumption that "no part will fail at any time," we can design a system where up to M parts can fail at any time provided that not all M parts fail at the same time

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread David Honig
At 09:56 PM 9/2/00 -0400, Arnold G. Reinhold wrote: At 3:48 PM -0700 9/1/2000, David Honig wrote: At 09:34 AM 8/30/00 -0700, Ed Gerck wrote: BTW, many lawyers like to use PGP and it is a good usage niche. Here, in the North Bay Area of SF, PGP is not uncommon in such small-group business users.

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Dan Geer
Well put, Greg. I do think that a small circle of trusted friends is a tautology -- if it is not small, it cannot be trusted. Was it not ever thus? --dan

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Dan Geer
How do they exchange public keys? Via email I'll bet. Note that it is trivial(*) to construct a self-decrypting archive and mail it in the form of an attachment. The recipient will merely have to know the passphrase. If transit confidentiality is your aim and old versions of documents

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Jaap-Henk Hoepman
On Fri, 1 Sep 2000 23:14:06 -0400 (EDT) Russell Nelson [EMAIL PROTECTED] writes: Ed Gerck writes: Even though the web-of-trust seems to be a pretty good part of PGP, IMO it is actually its Achilles heel. Nope. Usability is its Achilles heel. PGP needs to be wrapped in something,

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Ben Laurie
Dave Del Torto wrote: At 11:14 pm -0400 2000-09-01, Russell Nelson wrote: Ed Gerck writes: Even though the web-of-trust seems to be a pretty good part of PGP, IMO it is actually its Achilles heel. Nope. Usability is its Achilles heel. PGP needs to be wrapped in something, and yet

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Dan Geer writes: How do they exchange public keys? Via email I'll bet. Note that it is trivial(*) to construct a self-decrypting archive and mail it in the form of an attachment. The recipient will merely have to know the passphrase. If transit

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread David Honig
At 05:33 PM 9/3/00 -0400, Dan Geer wrote: How do they exchange public keys? Via email I'll bet. Note that it is trivial(*) to construct a self-decrypting archive and mail it in the form of an attachment. The recipient will merely have to know the passphrase. If If you have a secure

Re: Secrets Lies, a comment

2000-09-05 Thread Ed Gerck
[EMAIL PROTECTED] wrote: Ed says, The solution is to use a multifold of links, arranged in time and space such that rather than making the impossible assumption that "no part will fail at any time," we can design a system where up to M parts can fail at any time provided that not all

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread P.J. Ponder
On Tue, 5 Sep 2000, David Honig wrote: If you have a secure channel to exchange a passphrase in, you have no need for PK. Public key allows digital signatures, which a secure channel for key exchange doesn't provide. Two parties may choose to use symmetric encryption for exchanging

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Ed Gerck
Ed Gerck wrote: Even though the web-of-trust seems to be a pretty good part of PGP, IMO it is actually its Achilles heel. I agree with most comments but they seem to deal more with symptoms. Let me just clarify/justify the above and why I think this is IMO actually the root cause of problems.

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Dan Geer
I said, Note that it is trivial(*) to construct a self-decrypting archive and mail it in the form of an attachment. The recipient will merely have to know the passphrase. If transit confidentiality is your aim and old versions of documents are irrelevant once the ink is

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread David Honig
At 10:17 PM 9/5/00 -0400, P.J. Ponder wrote: On Tue, 5 Sep 2000, David Honig wrote: If you have a secure channel to exchange a passphrase in, you have no need for PK. Public key allows digital signatures, A digsig does indeed rely on PK, but you needn't use digsigs to use PK. Digsigs

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Ray Dillinger
On Tue, 5 Sep 2000, David Honig wrote: The more hard-core distribute keys to previously known parties on physical media, only. I have long felt that PGP missed a trick when it didn't have automatic expiry for keys -- It should be possible to build into each key an expiration date,