Very Newbie Questions

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 19 04:43:32 CET 2006


Henry:

Some of this is probably going to sting.  If it does, it does so only
because I was not able to find a kinder way of expressing the same level
of accuracy.

> First, what if you put your keys on one of the crypto cards, or on a 
> USB stick?  What value are your automated HKEY_CURRENT_USER keys now?
> I think what I gave them they can easily extrapolate to the new 
> location without me even saying one word.

A good rule in writing instructions is to aim for 95% of the users, and
tell the other 5% of the users where they can find the specialized
information they need.

John's advice (which, if I understand correctly, boils down to "let the
installer do its magic") is very simple and covers the needs of 95% of
users.  That makes it reasonably good advice.

Your advice is much more technically detailed and much more demanding of
the user, all so you can cover a few users more.  Not only that, but how
many users will in the course of these instructions completely screw up
their box, and then come here saying "I tried to do these instructions
and it failed, now somebody help me figure out how to undo it"?

All this makes it bad advice.  You're sacrificing enormous amounts of
simplicity just so you can cover epsilon more users.

Don't spam people with unnecessary detail.  If they have special needs,
they'll come back here and ask.  It's what this mailing list is for.

> Your install does not handle my needs.

As soon as you're the one asking for help, then we'll be happy to give
you advice that takes into account your needs.

> The super user on my systems when they are running MS Windows is 
> somebody else other than me (hhhobbit). NO, YOU MAY NOT KNOW THEIR 
> NAME!

Nobody's asking.  Nobody cares.

> The end user *MUST* take some of the responsibility.

We've been saying this in computer security for thirty years or more.
This mantra has done us very little good.

> The best way to do that, IMHO, is to lay it all out for them and 
> allow them to make their own decisions.

So how about if I drop the PKCS #1 v1.5 standard in your lap, a good
reference on the untyped lambda calculus, RFC 2440, the FIPS that specify
SHA-1 and DES, and tell you to write your own OpenPGP implementation
from nothing more than raw Assembly instructions and the S- and
K-combinators?

After all.  That's laying it all out for you.

This is an absurdist argument.  It's absurdist for a reason: if you're
going to say "best to lay it all out for them and allow them to make
their own decisions", that's what lies at the end of that road.

Clearly, some things should be beyond the realm of the end-user.  The
only question is where we put that marker.  You want to carry that
marker far, far further on down the road than I think is necessary, or
even safe.

> I also do NOT trust Microsoft to get it correct

If you don't trust Microsoft to get it correct, then stop using
Microsoft products and advise other people to do likewise.

If you don't trust a vendor, then there is literally no level of
precaution you can take which will make that vendor's products
trustworthy.

It is morally disingenuous of you to give advice on how to "secure" a
system you believe to be inherently insecure.

> WHEN YOU ARE ON MICROSOFT WINDOWS PROTECT YOUR KEY FILES!

How is this Windows-specific advice?

> It is best when your OpenPGP key files aren't even on the machine 
> unless you are using it.

Best for whom?  I distrust almost all broad, sweeping generalizations
about security.

> I wouldn't even make that statement.  The correct place for every 
> piece of software I have used is for them to usually install their 
> DLL files IN the %SystemRoot%\system32 folder.

Please cite chapter and verse for this.  When you describe it as
"correct", that strongly implies there's some authoritative reference
that says what's right and wrong.

There may be an authoritative reference saying this is correct.  If
there is, I would like to see it for myself.

> That is why over 90% of the software I have installed ... puts their
> DLL files there.

Sturgeon's Law: 90% of everything is crap.

Sturgeon's Corollary: There are no guarantees about the remaining 10%.

Just because 90% of Win32 programs do something doesn't mean it's right.
It could just be a very widely-held stupidity.  Most professional
programmers have seen enough of these widely-held stupidities to be very
cautious about making any definitive statements about good practice just
on the basis of what the other guys are doing.

> *ALL* of this IS in harmony with the GNU / FSF philosophy.  We 
> empower people to make their *OWN* decisions on what is appropriate 
> for them.

Please be careful when you speak for the community.  The outside world
judges us not on the basis of our best advocates, but on the basis of
our worst.  If you're going to speak for the community, please keep your
remarks brief, clear, and so obviously true that few people would
disagree with them.

This is something that Eben Moglen is excellent at.  If you've never
attended one of his talks, he starts off with simple statements that
everyone can agree with, and shows how following those statements leads
directly to the ideals of free software.


More information about the Gnupg-users mailing list