Someone has harvested my address
Sven Radde
email at sven-radde.de
Wed Sep 10 01:32:06 CEST 2008
Hi!
Am Montag, den 08.09.2008, 19:40 -0500 schrieb Robert J. Hansen:
> The conversation we're not having, which I think we should be having, is
> "how can we have trusted communications on a hostile network when we
> don't know if we really control our own PCs?"
I guess we're not having this discussion because the answer is trivial:
"Not at all."
Anyway, keep in mind that the "common" trojan does not target GnuPG
key/traffic/passphrases, AFAIK. It's more about harvesting email
addresses, cradit card numbers, banking data and, lately, gaming
accounts.
So, unless your threat model includes an attacker that will send a
specially crafted trojan to get to your encrypted data / falsify your
signatures, you might replace my above answer by "don't worry".
Anyway, it would be fascinating to see a GnuPG application (or, better,
an email client with GnuPG capability) built on top of a TPM-protected
micro-kernel such as Turaya:
<http://www.emscb.com/content/pages/turaya.htm>
cu, Sven
More information about the Gnupg-users
mailing list