
Re: debian.org sending viruses



On Wed, Mar 05, 2003 at 01:36:36AM +1100, Andrew Lau wrote:
> On Mon, Mar 03, 2003 at 10:14:37PM -0600, Steve Langasek wrote:
> > ...encourage the widespread adoption of end-to-end cryptographic
> > signatures in email.
> > 
> > Nothing else is likely to have much impact.
> 
> Dear Steven,
> 	In my opinion, this would make things worse. If the general
> public embraced signed emails as commonly as they use Outlook, I'm
> sure we'll encounter just as many viruses/trojans as we do
> now. Except, that this time around, they would compromise the signing
> application and passphrase/keys as well. The nightmare scenario would
> be when these trojans start weakening the whole web of trust we
> already have by signing other random keys maliciously.
> 	All the more reason to keep GnuPG/PGP to those who know what
> they're doing and why they need it.

I am not understanding how this would be a "nightmare scenario".  As I
understand it, the web of trust is formed by signatures I (to some
degree) trust appearing on keys I know nothing about; that is, the web
of trust is not formed by signatures I know nothing about appearing on
my key or other keys I trust (to some degree).

I can sign your key right now and upload it; this proves nothing
except my lack of understanding regarding cryptographic signatures.

-- 
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
  Unix was not designed to stop people from doing stupid things,
  because that would also stop them from doing clever things.
          -- Doug Gwyn

Attachment: pgpT8pITjDfAj.pgp
Description: PGP signature
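Added example, not part of the original message: a simplified model of the key-validity calculation the reply above describes, showing that signatures made by keys the verifier does not trust change nothing, while a signature from a key the verifier does trust does. The key names are constructed, and the thresholds (one fully trusted or three marginally trusted signers) are assumed from GnuPG's classic defaults.

```python
# Simplified web-of-trust validity check (added example, constructed data).
# Assumption: a key is valid if signed by 1 fully trusted valid key or by
# 3 marginally trusted valid keys (GnuPG's classic default thresholds).
FULL, MARGINAL, UNKNOWN = "full", "marginal", "unknown"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3


def valid_keys(me, signatures, ownertrust):
    """Return the set of keys the verifier `me` considers valid.

    signatures: set of (signer, signed_key) pairs, as seen on a keyserver.
    ownertrust: signer -> FULL/MARGINAL, assigned locally by `me` only.
    """
    valid = {me}
    changed = True
    while changed:  # iterate to a fixed point so trust chains are followed
        changed = False
        for key in {signed for _, signed in signatures} - valid:
            # Only signatures made by already-valid keys are counted at all.
            signers = {s for s, k in signatures if k == key and s in valid}
            full = sum(1 for s in signers
                       if s == me or ownertrust.get(s, UNKNOWN) == FULL)
            marginal = sum(1 for s in signers
                           if ownertrust.get(s, UNKNOWN) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


# Constructed scenario: "me" has signed alice's key and trusts her fully.
BASE_SIGS = {("me", "alice"), ("alice", "bob")}
TRUST = {"alice": FULL}

# Constructed: a trojan on an unknown user's machine signs keys at random,
# including the verifier's own key.
TROJAN_SIGS = {("mallory", "me"), ("mallory", "alice"),
               ("mallory", "eve"), ("mallory", "mallory2")}


def scenario(extra_sigs):
    """Validity set for `me` after extra signatures appear on the keyserver."""
    return valid_keys("me", BASE_SIGS | set(extra_sigs), TRUST)


if __name__ == "__main__":
    print("baseline:           ", sorted(scenario(set())))
    print("unknown key signs:  ", sorted(scenario(TROJAN_SIGS)))
    print("trusted key signs:  ", sorted(scenario({("alice", "eve")})))
```
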

