1PW
2008-11-22 00:53:57 UTC
Hello David:
I didn't wish to steal the other thread, so I've started a separate one.
I do so enjoy reading any sane and authoritative posts, and yours are
always in those numbers sir.
In the previous OP's thread:
From: jgreuel <***@gmail.com>
Newsgroups: alt.security.pgp
Subject: gpg/pgp integration issues
You suggest that the OP obtain the private/secret key from the GnuPG
system on the Windows server. Although this may not be an important
issue, if both business keys are from closely related entities, I
certainly would think many times over, if a user on a distant Unix
system requested my private/secret key. Even then, I would not let
anyone have my private/secret key - even if I withheld my passphrase.
On the surface, this seems to be a threat to the PKI Web Of Trust. Even
though I haven't given you the private/secret key's passphrase, I
normally wouldn't feel good about others having my private/secret key.
I /know/ that I only need your public key to send /you/ an encrypted
email. Am I laboring under a delusion, or is this Unix/Windows thing
a special and totally in-house case?
Hello also to Mr. David E. Ross if you would like to weigh in on this
issue good sir.
Very respectfully,
Pete
I didn't wish to steal the other thread, so I've started a separate one.
I do so enjoy reading any sane and authoritative posts, and yours are
always in those numbers sir.
In the previous OP's thread:
From: jgreuel <***@gmail.com>
Newsgroups: alt.security.pgp
Subject: gpg/pgp integration issues
You suggest that the OP obtain the private/secret key from the GnuPG
system on the Windows server. Although this may not be an important
issue, if both business keys are from closely related entities, I
certainly would think many times over, if a user on a distant Unix
system requested my private/secret key. Even then, I would not let
anyone have my private/secret key - even if I withheld my passphrase.
On the surface, this seems to be a threat to the PKI Web Of Trust. Even
though I haven't given you the private/secret key's passphrase, I
normally wouldn't feel good about others having my private/secret key.
I /know/ that I only need your public key to send /you/ an encrypted
email. Am I laboring under a delusion, or is this Unix/Windows thing
a special and totally in-house case?
Hello also to Mr. David E. Ross if you would like to weigh in on this
issue good sir.
Very respectfully,
Pete
--
1PW
@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
1PW
@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]