[boulder.pm] forwarding a "nonmember" bounce from Jake

Walter Pienciak walter at frii.com
Tue Jan 16 17:45:13 CST 2001


Date: Tue, 16 Jan 2001 14:56:38 -0700
From: Jake Edge <jake at edge2.net>
To: boulder-pm-list at happyfunball.pm.org
Subject: Re: [boulder.pm] RFC on encryption approachwq
Message-ID: <20010116145638.A18212 at magpie.indstorage.com>
Reply-To: jake at edge2.net
References: <Pine.BSF.4.30.0101161316250.97578-100000 at io.frii.com> <3A64B52A.AC7A73C4 at trustamerica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3A64B52A.AC7A73C4 at trustamerica.com>; from kmoore at trustamerica.com on Tue, Jan 16, 2001 at 01:55:06PM -0700
X-Operating-System: Linux 2.2.17

> > Am I being totally paranoid, pedantic, and this worry is complete
> > overkill?  Or should I ought to look at the PGP/GPG approach, and
> > the outside server has the "public key", while only the inside machine,
> > which would pull the data, would have the "private key"?

I think public key encryption might be best (which is what PGP/GPG use).
If the inside machine has a public key, anyone can know it (including the
black hats), but only the inside machine that has the corresponding private
key can decrypt messages that have been encrypted using the public key
(assuming that very large numbers are very hard to factor).  With PGP/GPG,
only the session key gets encrypted using the public key mechanism and that
session key is used for a faster (like Blowfish or 3DES or Rijndael)
shared secret encryption.  I haven't looked, but I would be surprised if
there aren't some CPAN modules to handle public key encryption stuff ...

I certainly don't think you are worrying too much ...

jake
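
The hybrid scheme described in the message above, written out with the openssl command-line tool as an added example (it is not part of the original e-mail, and it is not how PGP/GPG is implemented internally). The inside/outside directories, file names and sample record are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Directory and file names are assumptions.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
INSIDE="$WORK/inside"     # trusted machine: the only holder of the private key
OUTSIDE="$WORK/outside"   # exposed server: holds the public key and ciphertext
mkdir "$INSIDE" "$OUTSIDE"

# Inside machine: create the key pair and hand out only the public half.
inside_keygen() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
        -out "$INSIDE/private.pem" 2>/dev/null
    openssl pkey -in "$INSIDE/private.pem" -pubout -out "$OUTSIDE/public.pem"
}

# Outside server: encrypt stdin with a fresh random session key (AES-256-CBC),
# then wrap that session key with the RSA public key (OAEP padding).
# The key is passed on fd 3 so it never appears in the process arguments.
outside_encrypt() {   # $1 = output path prefix
    key=$(openssl rand -hex 32)
    openssl enc -aes-256-cbc -pbkdf2 -pass fd:3 -out "$1.data" 3<<EOF
$key
EOF
    printf '%s' "$key" | openssl pkeyutl -encrypt -pubin \
        -inkey "$OUTSIDE/public.pem" -pkeyopt rsa_padding_mode:oaep -out "$1.key"
    unset key
}

# Outside server, or anyone reading its disk: no private key, so unwrapping fails.
outside_try_decrypt() {   # $1 = path prefix
    openssl pkeyutl -decrypt -pubin -inkey "$OUTSIDE/public.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1.key" >/dev/null 2>&1
}

# Inside machine: unwrap the session key with the private key, then decrypt.
inside_decrypt() {   # $1 = path prefix
    key=$(openssl pkeyutl -decrypt -inkey "$INSIDE/private.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1.key")
    openssl enc -d -aes-256-cbc -pbkdf2 -pass fd:3 -in "$1.data" 3<<EOF
$key
EOF
}

inside_keygen
printf 'constructed sample record\n' | outside_encrypt "$OUTSIDE/msg"
if outside_try_decrypt "$OUTSIDE/msg"; then echo "outside decrypted (unexpected)"; fi
inside_decrypt "$OUTSIDE/msg"
```

`openssl enc` gives the ciphertext no integrity protection. GnuPG's message format does the session-key wrapping and adds an integrity check, so `gpg --encrypt` to the inside machine's public key is the practical equivalent.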



