what is killing PKI?

Mark H. Wood mwood at IUPUI.Edu
Fri Aug 31 15:40:53 CEST 2012


On Thu, Aug 30, 2012 at 10:43:13PM +0100, MFPA wrote:
> On Thursday 30 August 2012 at 7:34:56 PM, in
> <mid:8723caa5-4796-4f49-bbf3-4c933fdcaecb at email.android.com>, Landon
> Hurley wrote:

Actually that's quoting me.

> > More to the point:  my passphrase never leaves my
> > equipment and isn't recorded anywhere outside my brain.
> > You can only get it by getting inside my computer.
> 
> Or by using a discreet surveillance camera to watch your key presses.
> Or how about social engineering, alcohol, pillow talk, hypnosis,
> rubber hose attack, etc.?

True.  But it reduces the attack surface from "me + anybody in the IT
department at ${giant e-tailer} + anybody at the records management
service they use" to "me".  I think that's a significant reduction.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.