Frank Tobin
Wed, 5 Apr 2000 03:23:47 -0500 (CDT)

L. Sassaman, at 00:53 -0700 on Wed, 5 Apr 2000, wrote:

> Actually, they are very closely related. PGPnet is an IPsec implementation
> that allows for the use of PGP authentication/encryption by both parties.
> It is part of the PGP suite. (Remember that PGP is not just the OpenPGP
> program; it is also PGPdisk, PGPnet, and the related plugins.) One
> *should* associate the security that comes with PGP together with
> PGPnet; PGPnet is only as secure as PGP itself.
If you are calling PGP the entire suite of tools, there is no blanket security that you can apply to the entire suite. You have to break the issue down more; you can't abstract it that much. Saying PGPnet and the unnamaed program that implements OpenPGP are equal is ridiculous; just because they use similar algorithms has no effect on the possible insecureness of the protocols involved. Given your style of argument, I could abstract the Kerberos and ssh systems (public key logins, to simplify) to say that the protocols are as secure as one another (given that they are using similar algorithms). -- Frank Tobin "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus