About PGP Signing a File.
Jeffrey F. Bloss
jbloss at tampabay.rr.com
Tue Feb 13 17:54:31 UTC 2007
John L Fjellstad wrote:
> "Jeffrey F. Bloss" <jbloss at tampabay.rr.com> writes:
>
> > This is a prime example of how security is often more about how a
> > system can be exploited than it is about how robust the tools are.
> > Passports are trivial to forge, and PRZ would have had no prior
> > knowledge of most or any of these peoples' identities. Those things
> > alone make this sort of "puppy mill" key signing less than useless.
> > An actual, real life breach of protocol that should have never
> > happened, let alone be trusted. :(
>
> Security or convenience, choose one :-) Or should that be :-(
Exactly!! :)
The ability to attach a Name to a PGP key is no more than an "economic
necessity" which far too many folk mistake for a form of security. For
a large number of users, maybe even a majority, the issue of identity
isn't critical enough to fret over. But it's important to recognize the
difference between ergonomics and security for those minority scenarios
where it is.
--
_?_ Outside of a dog, a book is a man's best friend.
(o o) Inside of a dog, it's too dark to read.
-oOO-(_)--OOo------------------------------[ Groucho Marx ]---
http://wrench.homelinux.net/~jeff/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070213/f0b65a2d/attachment.sig>
More information about the ubuntu-users
mailing list