yes, Virginia...

[listo factor]

On 04/22/2017 11:12 AM, Peter Lebbing wrote:

> It feels like you are saying "if you have a real need for
> communication security, a smartcard will make you more secure";

No, this is not what I'm saying...

When asked, I simply repeat that I completely agree with the above
quoted "Laurie/Singer proposition". For those that agree, the
practical (but not effortless) options are:

a) Simulate their "Nebuchadnezzar device" on an air-gapped general
purpose computer with a general-purpose OS, equipped with crypto 
software, that never connects to the Internet.

b) Set up their primary general purpose computer as a dual boot
machine, with the trusted OS that does not include access to the
network hardware, that can read the data extents of the connected OS,
and that is regularly refreshed from a verified static system image.

c) Smart card can be, in some marginal instances, only "better than
nothing". Tea-spoon better.

I also tell them that using encrypted mail on an Internet connected
general purpose OS computer is good for practice and "fun factor",
but not much else.

Finally, I completely agree that it would be irresponsible to say
to those with real need for communication security, that simply using
a Smartcard will increase their general security level. However,
vague statements to the effect that "yes, Virginia, you can preserve
the security of your endpoint system" are not any better.