mobile GPG installation

Adrian 'Dagurashibanipal' von Bidder
Sun May 11 19:32:02 2003

Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Sunday 11 May 2003 17:22, tk wrote:
> Burns wrote:
> > Change homedir (in the registry) to "A:\gpgsec" (trust file and
> > random seed file will be here from now on, along with your own
> > keypairs)
> ...
> > Somebody, let me know if I'm giving bad advice here.
> Only in the sense that (as per original poster's scenario)
> fiddling with the registry entries on the computer that belongs
> to someone else, who lets you look at your mail for a few
> minutes is a bad idea. We are still waiting for the good GPG
> creators to understand the very real need for a GPG variant
> that REQUIRES NO INSTALLATION, i.e., a program that is
> not "fused" to a particular "box", but only to an operating
> system and the medium it resides on (floppy, CD...).
> (Why is this such a difficult concept to fathom?)

Because the creators of gpg try to create a secure software, not a package=
that just seems secure.

You propose to insert a disk/usb-stick/whatever with your secret keyring in=
a computer which you basically can't trust. I don't think that this is=20
something the gpg authors should spend time to make easy.

=2D- vbi

OpenPGP encrypted mail welcome - my key:

Content-Type: application/pgp-signature
Content-Description: signature

Version: GnuPG v1.2.1 (GNU/Linux)

Signature policy: