Robert J. Hansen rjh at
Wed Apr 27 15:10:22 CEST 2011

> yep. Phil Zimmermann noted that in his original essay on PGP.  If you
> have a malware infection you can no longer speak to what your computer
> is or is not doing.

In fact, it's quite a bit worse than that.  Your traffic is secure only so long as both endpoints are secure.  Depending on who does the numbers, 15%-30% of all desktops are pwn3d.  Even if your desktop is safe, the odds aren't good the other end will be, too.

There are many reasons why I feel OpenPGP is more or less irrelevant in the world today, outside of some very special case scenarios.  This is one of the big ones: OpenPGP's necessary precondition -- that our endpoints are both securable and secured -- is not met.
