
Re: A few changes



On Fri, 24 Sep 1999, Matthew Vernon wrote:

> This is all very well, except for those of us who email from work, and 
> have their PGP key at home...

Well, depending on how paranoid you may be, there are a few solutions:

  * Keep a copy of at least your `secring.pgp' on a floppy disk, and
    use this at work (trying to avoid disk caching problems).

  * Use an intermediary machine (i.e. one always part of the Internet).
    This option depends on many things -- the machine is bound to be
    a multi-user one, which is in theory a no-no, but if it's fairly
    tightly under your administrative control, then it's unlikely that
    your keyrings stored on it will be compromised.  If you can ssh
    into this machine, it should be safe.

I actually do this, almost; I have two keys: <chris@fluff.org> and
<chris@minoa.fluff.org>.  The former sits on a system with many users
that I administrate (inkvine.fluff.org), and is in theory vulnerable
at various times to several attacks: Ethernet snooping, and compromise
by local root-style exploit.  The latter has never left my home
machine, and assuming no one breaks in to my home machine during
dial-up time (unlikely; I watch /var/log like a hawk), the key is
safe from those sorts of exploits.

So, for anything lasting or really important, I use the home signature,
from home.

-- 
Chris <chris@fluff.org>                         ( http://www.fluff.org/chris )

