Wed, 5 Apr 2000 03:23:47 -0500 (CDT)
L. Sassaman, at 00:53 -0700 on Wed, 5 Apr 2000, wrote:
> Actually, they are very closely related. PGPnet is an IPsec implementation
> that allows for the use of PGP authentication/encryption by both parties.
> It is part of the PGP suite. (Remember that PGP is not just the OpenPGP
> program; it is also PGPdisk, PGPnet, and the related plugins.) One
> *should* associate the security that comes with PGP together with
> PGPnet; PGPnet is only as secure as PGP itself.
If you are calling PGP the entire suite of tools, there is no blanket
security that you can apply to the entire suite. You have to break the
issue down more; you can't abstract it that much. Saying PGPnet and the
unnamaed program that implements OpenPGP are equal is ridiculous; just
because they use similar algorithms has no effect on the possible
insecureness of the protocols involved. Given your style of argument, I
could abstract the Kerberos and ssh systems (public key logins, to
simplify) to say that the protocols are as secure as one another (given
that they are using similar algorithms).
Frank Tobin http://www.uiuc.edu/~ftobin/
"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus