Great Circle Associates Firewalls
(February 1995)
 


Subject: Re: Using PGP with anonymous FTP
From: Adam Shostack <adam @ bwh . harvard . edu>
Date: Thu, 9 Feb 1995 14:35:49 -0500 (EST)
To: rgm3 @ is . chrysler . com (Robert Moskowitz)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9502091148 . AB06576 @ clncrdv1 . is . chrysler . com> from "Robert Moskowitz" at Feb 9, 95 06:34:01 am

	(Using PGP to automatically decrypt & encrypt files)

	Your plan seems to involve storing passphrases on disk
somewhere.  In order to do this well, set up a group of machines with
no function other than encryption/decryption, and then trust those
machines to do the job properly.

	Make sure each one only takes data signed by an approved
party, and then decrypts it, and sends it off somewhere secure.  The
reason for doing this on a separate machine is to restrict what that
machine does to a base minimum.  You are forced to trust things that
appear to be coming from that machine, so once you've decrypted, you
should sign the data before sending it out.

	Also, you should create at least 3 keys-- one to sign
outgoing stuff, one to decrypt incoming stuff, and one to sign
incoming stuff after decryption.  This might not buy you very much at
all, but keys are cheap.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume
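
The inbound half of the design described in the message above, as an added example that is not part of the original post: decrypt, accept only data signed by an approved party, then re-sign with a separate key before passing the data on. It assumes GnuPG 2.x with keys usable without an interactive prompt; `process_incoming`, `APPROVED_FPRS` and `RESIGN_KEY` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed (hypothetical) setup:
#   $GNUPGHOME      keyring on the dedicated decryption host
#   $APPROVED_FPRS  file listing one approved sender fingerprint per line
#   $RESIGN_KEY     fingerprint of the key that signs data after decryption

# process_incoming IN OUTDIR
# Decrypts IN, accepts it only if it was signed by an approved key, then
# writes OUTDIR/payload plus a detached signature OUTDIR/payload.sig.
# Returns 2 if gpg rejects the message, 3 if the signer is missing or
# not approved.
process_incoming() {
    in=$1 outdir=$2
    work=$(mktemp -d) || return 1
    # Decrypt; gpg checks the embedded signature and reports on fd 3.
    if ! gpg --batch --yes --status-fd 3 --output "$work/plain" \
             --decrypt "$in" 3>"$work/status" 2>/dev/null; then
        rm -rf "$work"; return 2
    fi
    # VALIDSIG carries the full fingerprint of the key that signed.
    fpr=$(awk '$2 == "VALIDSIG" { print $3; exit }' "$work/status")
    if [ -z "$fpr" ] || ! grep -qxF "$fpr" "$APPROVED_FPRS"; then
        rm -rf "$work"; return 3     # plaintext is discarded, never released
    fi
    # Release the plaintext only together with this host's own signature.
    mkdir -p "$outdir" && mv "$work/plain" "$outdir/payload" &&
    gpg --batch --yes --local-user "$RESIGN_KEY" \
        --output "$outdir/payload.sig" --detach-sign "$outdir/payload" 2>/dev/null
    rc=$?
    rm -rf "$work"
    return $rc
}
```

Matching on the full fingerprint from `VALIDSIG`, rather than on a user ID, keeps the approved list from being satisfied by a different key that merely carries the same name.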

