<<< Date Index >>>     <<< Thread Index >>>

Re: GnuPG weak as one guy with a spare laptop.



obnoxious@xxxxxxxx wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What is your point exactly? How secure are Verisign, Thawte or
anyone elses servers outside of them just stating "We take X
Precautions".

Do you argue "Some chains are weak" implies "All chains are weak"? Please explain. I missed it.

I'll agree that software and certs from Verisign, Microsoft, Sun, Yahoo, Citibank are also only as safe as those "X precautions".

What's your point in bringing them up? I don't trust their cryptography software the way I trust GnuPG, so I'm not interested in discussing them specifically.

It's easy to get "gpg --verify" to exit(0), but what that exit code _means_ matters to me, and that is determined by the precautions at the end points.

Do you have any knowledge of what those X precautions are, or if they can be improved for GnuPG?

Forrest

P.S. I forgot to mention that I appreciate the honesty of Werner Koch's "spare laptop disclaimer." Big corporations should be as transparent and honest. Truth is there are many who are more lax than Werner Koch, but say they are more dilligent.