Security Concern: Unsigned Windows Executable

Robert J. Hansen rjh at
Wed Jun 3 01:02:53 CEST 2009

Daniel Kahn Gillmor wrote:
> guys, with all due respect, the original poster was not asking for a
> philosophical digression.  he was asking how he could practically
> identify the provenance of the copy of gpg he was hoping to use.

John Clizbe answered, "[i]f you're so committed to this verified and
signed thing that you're unwilling to trust anything, you should
probably look into building some things of your own."  My remark was a
very serious warning: if the OP is so committed, my "philosophical
digression" is what lies at the bottom of that rabbit-hole.

> John Clizbe has offered one practical choice (see if PGP Corp. offers a
> demo version with a signed executable).

Active MitM assumes that you have an attacker who is technically skilled
and highly motivated.  It is ludicrous to think that an attacker skilled
enough to do active MitM and motivated enough to go after you directly
would for some reason be constrained to play within the carefully
defined box the crypto community has created.  Rule number one of
successful attacks: get outside the box.

If the OP is seriously concerned that there's an active MitM attack
going on against him, he needs get off the internet and obtain the
professional services he needs to end the threat.

No, I'm not kidding.

More information about the Gnupg-users mailing list