On 12/3/2013 7:49 PM, Hauke Laging wrote: > Compromising the respective mainkey is more difficult by several > orders of magnitude. You would have to compromise at least the boot > medium (CD/DVD) or the hardware I use.
Why do you think it's hard to compromise your boot medium? Your boot medium isn't a CD or DVD: your boot medium is the UEFI firmware that gives you the choice of where to boot from next. UEFI is a surprisingly capable operating environment. If I can compromise your machine, then I put down my own code in the UEFI loader and wait for you to reboot your machine. > Of course. But these risk models are incompatible with the > requirements of crypto usage in a business environment. They are even > incompatible with a real Web of Trust. Hauke, you don't get to define what other people's models are, or even what they should be. Neither do I, for that matter. Those models are incompatible with what *you perceive* to be the requirements of crypto usage in a business environment, but I promise you there are people using crypto in a business environment who perceive things much differently. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
