This thread is getting way 'out there'. No one ever said that GPG signing
is the end-all in security, no one ever said that it's the perfect method
of protection, what we did say is that it's *a lot* better than what we
have now.
I wish that people would stop coming up with obscure holes in the
signing model, there is no way around them but this is a far greater
amount of protection than we have now.
The key to security is layers, we implement as many layers of security
as possible to prevent compromises but there is obviously a huge human
element that we can't 'fix'. The obscure ways of defeating the model
should not stop us from implementing it, and it won't so let's try to
keep our eyes on the goal and not get drawn off by non-productive
distractions.

Joshua Brindle

John Nilsson wrote:

> You have to trust the device that you interface with in any case. If the
> computer is compromised, how do you know that the message you pipe
> through for signing is the same as on the screen?
>
> -John
>
> On Mon, 2004-03-29 at 10:47, Paul de Vrieze wrote:
>
> On Sunday 28 March 2004 18:39, Sami Näätänen wrote:
>
>>To do what?
>
>>The master key will not be present there.
>>And if you don't provide those keys that are in the card the keys you
>>make with the trojaned machine can't be validated with the master
>>public key.
>
> That would only work if the external device actually performs the
> signing. Not when the key itself is readable by the computer the device
> is inserted in. I don't know if it would be possible to acquire such a
> device although they probably exist.
>
> Paul
>

--
gentoo-dev@g.o mailing list