rainer at hoerbe.at
Sun Apr 9 20:50:28 CEST 2017
> On 09.04.2017 at 20:30, Doug Barton <dougb at dougbarton.email> wrote:
> On 04/09/2017 11:01 AM, Mike Gerwitz wrote:
>> If I know a threat exists, I'm going to evaluate my threat model and
>> decide whether or not it is worth my time to mitigate it; whether I can
>> hope to mitigate it; and whether attempting to do so is going to put me
>> at even more risk for some other threat.
> You and Rainer have gone on at great length about the part of the threat model equation dealing with the attacker. However, you don't seem to take into account the other part of the equation, what you are protecting.
> The overwhelming number of PGP users simply use it because it's cool. They don't have anything approaching significant secrets to protect, it's just fun to do cryptography. There is nothing wrong with that, in and of itself. (Note, I acknowledge that there are people for whom signatures and encryption actually matter.)
> There is not even anything wrong with the idea that using smart cards, air-gapped computers, detached signing subkeys, etc. *can* be part of that fun. The concern is that when folks tell the new users that they are *required*, that becomes problematic for a couple of reasons. First, it gives a false impression of how secure the "basic" version of GnuPG is in the first place. Perhaps more importantly, it places a much higher barrier to entry for new users, for no measurable ROI.
> So if folks want to imagine that you live in a Bond film, and that SPECTRE is out to get you, so be it. I don't begrudge you that fantasy. But when it comes to offering advice to new users, please be realistic about what they are actually going to benefit from.
I know of PGP-based WoT used in security-aware networks of sysadmins, CERTs etc. I would have guessed that a significant part of the audience of this list are professional/experienced/involved admins or developers. But let me know why the majority of users are not.