Multiple email addresses - any alternative to ask everyone to sign all my keys?

Mark H. Wood mwood at IUPUI.Edu
Wed Jul 24 15:15:16 CEST 2013


On Wed, Jul 24, 2013 at 08:35:25AM +0200, Heinz Diehl wrote:
> On 24.07.2013, Philipp Klaus Krause wrote: 
> 
> > I do not trust the computer at university with the secret key used to
> > decrypt my private mail.
> [....]
> 
> > Still, I want to be able to read any encrypted mail sent to my
> > university addresses on the computer at university. And I want to use
> > encryption, since the mails might contain sensitive information, such as
> > exams, grades, etc (and the mail servers are maintained by students).
> 
> You can't have security on a machine which is out of your control. If
> others have physical access to your machine at university, what you
> want isn't possible. They could simply install a keylogger or other
> monitoring.

Absolute security isn't possible.  Any machine you are not shackled to
is sometimes out of your control.  The best one can do is make the
expectation of loss significantly more than the expectation of gain.
Smart attackers will go elsewhere and stupid ones can be caught.

Installing a keylogger represents a significant risk of detection.  If
"they" can do surreptitious monitoring, how do "they" know that I am
not doing surreptitious monitoring?  Remote log servers, firewall
logs, 'tripwire', cheap cameras the size of an aspirin tablet....

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.

More information about the Gnupg-users mailing list