Security Concern: Unsigned Windows Executable

Robert J. Hansen rjh at
Fri Jun 5 20:19:45 CEST 2009

reynt0 wrote:
> I'm a litle late commenting, but I think it's worth noting
> in this discussion that any security improvement(s) may be
> useful even if any one may not fulfill all the stringent
> requirements of an ideal systematic analysis.

If your threat model is such that you're concerned about an active MitM
who is messing with your traffic in order to deliver trojaned binaries
to you, then you're in a game-over state.  You cannot win.

People like to talk about "an active MitM can deliver trojaned binaries
to you."  Sure, they can do that, but they probably aren't.  They're not
dumb.  The real situation is "an active MitM who has total control over
the traffic I receive and is intent on doing me harm."  This is a much,
much more serious problem.

I do not believe it is possible to ensure the security of your computers
or your communications when in the presence of an active MitM done by a
competent attacker.

I also do not believe it is wise to base your security policy on an
assumption that your attacker is incompetent.

More information about the Gnupg-users mailing list