Someone has harvested my address
reynt0 at cs.albany.edu
Sat Sep 13 01:55:43 CEST 2008
On Thu, 11 Sep 2008, Robert J. Hansen wrote:
. . .
> My rephrasing would be,
> "Using GnuPG doesn't make your communications perfectly secure: however,
> it potentially makes your communications a heck of a lot more secure
> than you'd be without it."
> A heavy emphasis needs to be placed on 'potentially'. The elephant in
> the middle of the room is just how much uncertainty there is within that
> word. It isn't so much the uncertainty which bothers me, but how
> nigh-impossible it is to pin it down.
. . .
Right. One suggestion would be to try to identify as
many as possible tactics each of which by itself should
contribute some amount to security, then do one's best
evaluation of combining them pairwise all possible ways,
then triple-wise, etc (basic combinatorics) to see if their
effects when combined are at least not negative and hopefully
supportive of security. Like the beginnings of crude science,
maybe even of some formal analysis. Then use what looks best
so far, always keeping one's eyes open for more information.
Not a guarantee, and not pinning anything down tightly
(unless one gets lucky), but is one way of getting the
squirrels at least into a bag and not out chewing on
the phone line, while looking for more exact solutions.
More information about the Gnupg-users