GnuPG in universities

David Champion dgc@uchicago.edu
Mon Jun 11 00:12:02 2001 

On 2001.06.10, in <87n17g1gb3.fsf@alberti.gnupg.de>,
	"Werner Koch" <wk@gnupg.org> wrote:

>  || On Sun, 10 Jun 2001 12:23:59 +0100

>  || Niklas <niklas.schurig@student.uni-ulm.de> wrote: 

> 

>  n> does anybody have experience with GnuPG (and email-frontends)

>  n> used in computer-pools for example in universities (Windows and Linux) ?

> 

> You can't and should not use ssh or gpg on a shared box! Especially


I have to disagree.  I know I've already disagreed with Werner on a
very similar topic lately, but I'm rather sensitive to this topic, and
this pass is significantly different for me, largely because of the
inclusion of SSH.

In principle: SSH is still better than telnet or rlogin, even if you
can't trust the keys.  You just have to know what your keys are worth,
and not to entrust more to those keys than you're willing to lose.
It's not a usually a hard problem, since *typically* (but not always)
you're the only one at risk.

With OpenPGP keys, the problem is somewhat larger.  Other people place
their trust in your representation of yourself, and this is usually a
more signigicant component of using PGP/GnuPG than of using SSH.  But
this should not prevent you from using a more private, secondary,
non-representative key pair for some limited purpose.  You just need to
know -- and advertise -- what the keys are truly worth.  On a shared
system, they are always worth substantially less than on a private
system.  They are not implicitly worth nothing.

For example: I wouldn't use gpg on a shared system to represent myself,
though I would use it for other purposes -- for example, to encrypt
backups on tape.  (That's not a highly-secure backup.  I can't know
that a stolen tape is unreadable, but the odds are better than if the
backup is cleartext.) I certainly do use SSH on public machines, and I
will not telnet, but I don't log into systems I need to trust from
those machines.  It's a matter of wise placement of trust, not of rigid
all-or-nothing rules.

Soapbox: It especially does those of us who must support shared systems
little good for users to be led to believe that cryptography can
provide them nothing until they have their own computer -- and then
everything is magically safer.  (It's not: it might take significant
effort to make it safer.)  I don't think that Werner means to say that,
precisely, but the terminology definitely leaves that interpretation
open, and there's *always* someone who will take it.

The matter at hand: Of course, I wouldn't use gpg the way this poster
is asking, anyway. :)

-- 
 -D.	dgc@uchicago.edu	NSIT	University of Chicago