On Thu, May 25, 2006 at 03:04:53PM +0200, Holger Levsen wrote:

> while I agree that flaws in the actual protocol being used are problematic and
> worth pointing out, I wonder much more why people aren't more worried about
> how people use their computers: (double booting windows and) not using
> encrypted partitions, leaving their computers unlocked while being away,
> using binary only (non-free) software, running experimental packages from
> various sources (assuming that sid, testing and stable are safe..), etc. This
> potentially exposes the integrity of the private key, not only the integrity
> of signatures - which later can be revoked anyway.

Difference of degree, difference in what we think we can prevent. If someone manages their key poorly, but we really do know *who* that person is, then a) if the key is compromised by an attacker and used for ill there's a chance the real owner will notice this and the damage will be mitigated, b) we can hold the owner of the key responsible for any damage done with it. If, OTOH, the *true* owner of the key is not who they've claimed to be, and this person proceeds to use his access to compromise Debian or $insert_evil_thing_here, they pretty much get away with it with only the cost of a throw-away identity.

As always, this comes down to doing what we reasonably can to raise barriers to attackers to make attacks cost-prohibitive, without spending more time/money/effort on it than is justified by the returns.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/