mobile GPG installation

tk tony.kwok@3web.net
Sun May 11 20:39:03 2003


Adrian 'Dagurashibanipal' von Bidder wrote:
> 
> Because the creators of gpg try to create a secure software, 
 > not a package that just seems secure.
> 
> You propose to insert a disk/usb-stick/whatever with your 
 > secret keyring into a computer which you basically can't trust.
 > I don't think that this is something the gpg authors should
 > spend time to make easy.

This is nonsense. As a user, I am the best judge which computer
to trust and which not to trust. No computer that is ever left
unattended for any period of time could be trusted hundred percent
- yet most users run GPG on such computers. On the other hand,
many users could find computers that they use only occasionally
and that belong to others (friends, employers, etc.) at least
as trustworthy as the computer they leave unattended in their
rental flat which, for instance, their landlord (and who knows
who else) can easily visit while they are at work.

Yes, malware/keyloggers/etc. on a computer can be a problem,
but the solution has nothing to do with fusing the software
package to a prticular box. This is an extremely naive solution
at best, and if you think of it, in many instances it might be
outright counterproductive.

tk