GnuPG in universities

David Champion
Mon Jun 11 00:12:02 2001

On 2001.06.10, in <>,
	"Werner Koch" <> wrote:

> || On Sun, 10 Jun 2001 12:23:59 +0100
> || Niklas <> wrote:
> n> does anybody have experience with GnuPG (and email-frontends)
> n> used in computer-pools for example in universities (Windows and Linux) ?
> You can't and should not use ssh or gpg on a shared box! Especially
I have to disagree. I know I've already disagreed with Werner on a very similar topic lately, but I'm rather sensitive to this topic, and this pass is significantly different for me, largely because of the inclusion of SSH. In principle: SSH is still better than telnet or rlogin, even if you can't trust the keys. You just have to know what your keys are worth, and not to entrust more to those keys than you're willing to lose. It's not a usually a hard problem, since *typically* (but not always) you're the only one at risk. With OpenPGP keys, the problem is somewhat larger. Other people place their trust in your representation of yourself, and this is usually a more signigicant component of using PGP/GnuPG than of using SSH. But this should not prevent you from using a more private, secondary, non-representative key pair for some limited purpose. You just need to know -- and advertise -- what the keys are truly worth. On a shared system, they are always worth substantially less than on a private system. They are not implicitly worth nothing. For example: I wouldn't use gpg on a shared system to represent myself, though I would use it for other purposes -- for example, to encrypt backups on tape. (That's not a highly-secure backup. I can't know that a stolen tape is unreadable, but the odds are better than if the backup is cleartext.) I certainly do use SSH on public machines, and I will not telnet, but I don't log into systems I need to trust from those machines. It's a matter of wise placement of trust, not of rigid all-or-nothing rules. Soapbox: It especially does those of us who must support shared systems little good for users to be led to believe that cryptography can provide them nothing until they have their own computer -- and then everything is magically safer. (It's not: it might take significant effort to make it safer.) I don't think that Werner means to say that, precisely, but the terminology definitely leaves that interpretation open, and there's *always* someone who will take it. The matter at hand: Of course, I wouldn't use gpg the way this poster is asking, anyway. :) -- -D. NSIT University of Chicago