More secure than smartcard or cryptostick against remote attacks?

[Michel Messerschmidt]

On Thu, Feb 07, 2013 at 10:03:30AM -0000, refreshing at tormail.org wrote:
> I have no reason to believe my system is compromised. Taking security very
> serious. Otherwise I wouldn't bother posting here. :)
> 
> That sounds like a oxymoron. How can I be REALLY sure my system isn't
> compromised? Mail clients and browsers are major attack surface and a
> device exposed to internet can not be as secure as a small single purposed
> device.
> 
> > It makes no sense to me to believe that it's somehow possible to have a
> > dongle that you can plug into a compromised PC to make it safe (or
> > safer) to sign with.
> 
> I think if designed right it works. This implies the compromised machine
> can not attack the text reading and gpg signing device.

If designed right, your machine won't be compromised. But this is 
obviously a very hard problem.

If your signing device interprets mail, doesn't it become part of this 
"major attack surface"?
And if it only interprets ASCII, how does it differentiate between 
signing ASCII and signing Unicode, possibly including RLO chars?

I'm not sure that such a signing device can be designed simple enough 
to be immune to advanced attacks and still be useful.