Someone has harvested my address

David Shaw dshaw at jabberwocky.com
Thu Sep 11 23:50:58 CEST 2008


On Tue, Sep 09, 2008 at 04:32:08PM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> >> The conversation we're not having, which I think we should be
> >> having, is "how can we have trusted communications on a hostile
> >> network when we don't know if we really control our own PCs?"
> > 
> > You can't, of course, so it would be a short conversation :)
> 
> Well, yes, but that's kind of not really what I was aiming to start.  :)
> 
> When confronted with the fact many PCs (typically Win32, but there's no
> reason to think exclusively so) are compromised without us knowing it,
> what then should our response to it be in terms of effective usage of GnuPG?

Teach good security hygiene.  Imparting knowledge is pretty much the
only thing you can do here.  People need to know why they should use
an OS that isn't a petri dish of infections, but that even discarding
Windows doesn't make you perfectly safe.

The quest for *perfect* safety is a doomed one from the start - you
can always come up with some reason (however impractical in the real
world) why it's not secure enough.  Past a certain point you have to
say you did the best you could, and move on.  That point, of course,
varies widely depending on whether you're emailing your friend about
going to the movies, or emailing your local revolutionary cabal about
taking over the country.

So, for a 1-sentence response, how about "Using GPG doesn't make you
perfectly secure: it just makes you a heck of a lot more secure than
you'd be without it."

David


