Re: Re META security

From: Alex Future Bokov (alexboko@umich.edu)
Date: Tue Jun 02 1998 - 21:05:26 MDT


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 2 Jun 1998, Brian D Williams wrote:

> Actually Alex there are quite a few Cypherpunks on this list. I've
> been using PGP since the 1.0 "bassmaster" edition. There's no real
> reason to use it on an open list, besides since anyone can
> subscribe, anyone would have access to the keys....

        Glad to hear it. I didn't meen to imply that no one here uses PGP.
PGP can be useful on an open list to confirm the sender's identity via
signature. Otherwise, anyone can log into the server's SMTP port and send
out fake mail masquerading as that sender... and that's the moderately
knowlegeable hacker. The newbie hacker will just configure
Netscape/IE/Eudora/Outlook with a fake originating address and voila! I'm
years from being important enough to impersonate, but I figure I'll start
covering my butt early.
        In any case, people should seriously consider PGP regardless of
what list they're on, regardless of whether they are an industrial spy or
a school teacher. By their very nature, threats to one's privacy are hard
to predict. After all, one doesn't lock one's door only on nights when one
is expecting to be robbed, right?
        I know the above ideas are old hat to the Cypherpunks on the list;
I'm going into this because, as you put it,
 
> But it's always good to spread the word.....

> PGP was legally exported months ago, taking advantage of a loophole
> in the law, the sourcecode was printed out, then legally
> transported out of the country and keyboarded in elsewhere. Export
> restriction bypassed......

        Yup, and the beauty of it is, it's not a loophole they can close
without repealing or crippling the first ammendment. Here's the rub,
though: whether or not other countries already have PGP, it's _still_
illegal to export it from the United States in digital form. These guys
just don't know when to give up!
        By the way, did they actually compile it yet? Are there sites
outside the US where PGP can now be downloaded legally?

        While we're on the subject... is there anyone out there who uses
Pine as their email client? It took me a while to come up with a
convenient way to integrate PGP with pine, and I want to save other people
the hassle. Contact me individually if you want the scripts.

                                            --Sincerely, Alex F. Bokov
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Software Installation/Deployment * Server Administration * Desktop Support +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ PLEASE confirm Meeting Maker activities via email (if you want me there)! +
+ Office: 763-4977 Pager: 840-0593 Facilities: 647-3748 +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBpAwUBNXS9eZvUJaRNHMexAQHqFwKZAam7iUcTE3aVaAN3Rv606ficAaETtZLi
gF07/z9MtNu4tLpORJWTPleUTMAGTLVNP+9+wTh5SZRUJ5SHhEaxJGB0en0q1YQi
+H6V0mZFBO1XFBgh
=0XZt
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 14:49:09 MST