
Re: RFC: gnupg



Zed Pobre <zed@moebius.interdestination.net> wrote:
>     Old developer A creates a new GPG key, extracts it, signs with his
> old PGP key and sends it in.  Verifying developer B receives the
> message, verifies and strips the PGP signature.  Unfortunately, he's
> foolishly doing this on a machine where he's not root, or doing it in
> a user-writable directory.  Nasty intruder C knows that A was planning
> on sending in a new key, and has spoofed a key with his name, and
> encoded it.  Since he happens to be root, or at least a user with

If root is compromised on a machine used for PGP, nothing is secure.

Root can intercept keystrokes used for the pgp password, and can
replace the entire keyring.

-- 
Raul

