Encrypt & Sign
atom at smasher.org
Mon Jan 17 01:02:13 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 14 Jan 2005, Neil Williams wrote:
>> in a techno-philosophical sense, you never *really* know what you're
>> signing unless you do the math by hand...
> That's disingenuous Atom - the premise of the article is a rogue
> program. Isn't that why we use free software? That's why we verify GnuPG
> carefully before installing, why we have the source code to inspect to
> allay precisely these fears.
as a practical matter, you're mostly correct. as a nitty-gritty technical
and philosophical matter there's still a gap.
also, just because some of us use open source tools doesn't mean everyone
does... and open source isn't magically secure. some people use gpg/pgp on
shared machines, or machines that they don't have exclusive root access
to. some people use public terminals to access their secure machine and
their secret keys. there are plenty of things that could (in theory and
practice) come between an individual and their key. it's the
responsibility of key owners to make sure their keys aren't compromised.
if keys are compromised then the responsible thing to do is revoke those
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
fascism: n. A system of government that exercises a dictatorship
of the extreme right, typically through the merging of state and
business leadership, together with belligerent nationalism.
-- The American Heritage Dictionary, 1983
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
-----END PGP SIGNATURE-----