Encrypt & Sign

Atom Smasher atom at smasher.org
Mon Jan 17 01:02:13 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, 14 Jan 2005, Neil Williams wrote:

>> in a techno-philosophical sense, you never *really* know what you're 
>> signing unless you do the math by hand...
>
> That's disingenuous Atom - the premise of the article is a rogue 
> program. Isn't that why we use free software? That's why we verify GnuPG 
> carefully before installing, why we have the source code to inspect to 
> allay precisely these fears.
=================

as a practical matter, you're mostly correct. as a nitty-gritty technical 
and philosophical matter there's still a gap.

also, just because some of us use open source tools doesn't mean everyone 
does... and open source isn't magically secure. some people use gpg/pgp on 
shared machines, or machines that they don't have exclusive root access 
to. some people use public terminals to access their secure machine and 
their secret keys. there are plenty of things that could (in theory and 
practice) come between an individual and their key. it's the 
responsibility of key owners to make sure their keys aren't compromised. 
if keys are compromised then the responsible thing to do is revoke those 
keys.


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	fascism: n. A system of government that exercises a dictatorship
 	of the extreme right, typically through the merging of state and
 	business leadership, together with belligerent nationalism.
 		-- The American Heritage Dictionary, 1983

