ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Split Implementations of PGP

2005-03-15 16:39:23
from [Ingo Luetkebohle] [Permanent Link] 
Am Dienstag, den 15.03.2005, 12:12 -0800 schrieb Jon Callas:

Better for whom?


Better for a recipient who, for whatever reasons, does not want to
transfer the whole for decryption.


One of the reasons that practice is to not have individually encrypted 
parts is that that has not been considered as good, meaning not as 
secure. It isn't as convenient for an entity who doesn't have the keys 
to process such a message, and that's been considered a feature rather 
than a bug.


I concur -- for the usual case.  However, whats better in the case under
discussion:  Decrypting the full thing on a machine not under your
control and then transferring only what you can afford, or transfer it
(encrypted) and decrypt it on the local machine (mobile device)?  For
this case, I'd say the latter is preferable.  Maybe I'm paranoid about
server security but isn't that why we're using PGP-based end-to-end
encryption?

regards

Ingo

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Split Implementations of PGP, Jon Callas
Next by Date:  Re: Split Implementations of PGP, Ben Laurie
Previous by Thread:  Re: Split Implementations of PGP, Jon Callas
Next by Thread:  Re: Split Implementations of PGP, Ben Laurie
Indexes:  [Date] [Thread] [Top] [All Lists]