GPG on USB drive

C. D. Rok cedar at 3web.net
Mon Jan 10 23:06:53 CET 2005


Maxine Brandt wrote:

> If you're referring to the wide-ranging discussion in November last year,
> that's not my impression of the developers' attitude (take Werner Koch's
> quick reaction to the problem iconv.dll caused for our GPG on a floppy
> project, GPG TO GO, for example).

I was off in my timing, and I am in no way inclined to criticize
GPG developers. All I was trying to point out is that "media-centric"
use is becoming so common that it should not be left to hacking by the
"aftermarket" - it should be part of the design, sanctioned and put in
place by those best in the position to do so: GPG developers.

> A 'media-centric' version of GPG (or any other application) will always 
> have limited functionality, and may never be possible, for two reasons.
> 
> The first is that it must come with its own OS or else use the host 
> machine's OS. If it uses its own OS, the host machine must allow it to 
> boot, and if you're not the controller of that machine you won't be able 
> to enable this. The medium OS must also be able to write to the host 
> system, which isn't possible Windows-to-*NIX or *NIX-to-NTFS (at least 
> not without third-party helpers, which for the moment, aren't reliable).
> 
> The second reason is network connections. If you're not the controller 
> of the host machine, applications won't be allowed to pass a firewall.

I would assume operation without booting, under "host" OS, most often
one of the Win32 variants, but see no reason not to include Linux and
OSX. The filesystem would have to be VFAT; and it would contain all the
software and data required to operate POP/SMTP mail and encrypt/decrypt
text, thus no writing to the file system of the host should be necessary.
In such operation GPG would be self-contained and strictly isolated from
the NET, only the mail client would be net-aware (note that the announced
Thunderbird variant, mentioned in the original post, already assumes
this would be possible - if not always, then in a sufficient number of
instances to make it practical).

CDRok


