Smart card

[Doug Barton]

On 04/09/2017 11:01 AM, Mike Gerwitz wrote:
> If I know a threat exists, I'm going to evaluate my threat model and
> decide whether or not it is worth my time to mitigate it; whether I can
> hope to mitigate it; and whether attempting to do so is going to put me
> at even more risk for some other threat.

You and Rainer have gone on at great length about the part of the threat 
model equation dealing with the attacker. However, you don't seem to 
take into account the other part of the equation, what you are protecting.

The overwhelming number of PGP users simply use it because it's cool. 
They don't have anything approaching significant secrets to protect, 
it's just fun to do cryptography. There is nothing wrong with that, in 
and of itself. (Note, I acknowledge that there are people for whom 
signatures and encryption actually matter.)

There is not even anything wrong with the idea that using smart cards, 
air-gapped computers, detached signing subkeys, etc. *can* be part of 
that fun. The concern is that when folks tell the new users that they 
are *required*, that becomes problematic for a couple of reasons. First, 
it gives a false impression of how secure the "basic" version of GnuPG 
is in the first place. Perhaps more importantly, it places a much higher 
barrier to entry for new users; for no measurable ROI.

So if folks want to imagine that you live in a Bond film, and that 
SPECTRE is out to get you, so be it. I don't begrudge you that fantasy. 
But when it comes to offering advice to new users, please be realistic 
about what they are actually going to benefit from.

Doug