dougb at dougbarton.email
Sun Apr 9 20:30:47 CEST 2017
On 04/09/2017 11:01 AM, Mike Gerwitz wrote:
> If I know a threat exists, I'm going to evaluate my threat model and
> decide whether or not it is worth my time to mitigate it; whether I can
> hope to mitigate it; and whether attempting to do so is going to put me
> at even more risk for some other threat.
You and Rainer have gone on at great length about the part of the threat
model equation dealing with the attacker. However, you don't seem to
take into account the other part of the equation, what you are protecting.
The overwhelming number of PGP users simply use it because it's cool.
They don't have anything approaching significant secrets to protect,
it's just fun to do cryptography. There is nothing wrong with that, in
and of itself. (Note, I acknowledge that there are people for whom
signatures and encryption actually matter.)
There is not even anything wrong with the idea that using smart cards,
air-gapped computers, detached signing subkeys, etc. *can* be part of
that fun. The concern is that when folks tell the new users that they
are *required*, that becomes problematic for a couple of reasons. First,
it gives a false impression of how secure the "basic" version of GnuPG
is in the first place. Perhaps more importantly, it places a much higher
barrier to entry for new users; for no measurable ROI.
So if folks want to imagine that you live in a Bond film, and that
SPECTRE is out to get you, so be it. I don't begrudge you that fantasy.
But when it comes to offering advice to new users, please be realistic
about what they are actually going to benefit from.
More information about the Gnupg-users