-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am 04.05.2014 12:52, schrieb Robert J. Hansen: >> No, there are no good reasons. > > If that's an axiom in your system, then so be it. But let's not > go about thinking that's something you've deduced from principles. > Well I haven't heard any so far.
> It's not about technical problems. In the case of the President > and his autopen, it's about legal problems. Under United States > law, for a piece of legislation to take effect the President must > affix his signature to the *exact same piece of paper* that the > House and Senate affixed their marks to. He's not allowed to sign > a copy. > So, let's make an insecure system instead of maybe changing the law? Or maybe changing your priority as a president. There is more than one road that leads to Rom. Besides, *he* needs to sign the original document. So it is okay to make it appear he signed it originally by himself but he has not? That is okay and within the law? For this to be within the law, I would expect they would need to write it into the law. So they also could write other stuff in the law, e.g to add the information who operated the autopen and that an autopen was used. > You are certainly free to think this is a broken system. (Thinking > the American political system is broken is the favorite pastime of > many Americans.) But you have to admit this is a real-life example > taken from the highest corridors of power in an environment where > there are some extreme security implications of allowing third > parties to execute the President's signature... > > ... /and yet they choose to do it./ > This is, again, rhetoric and not an argument. I explained that before. > That's the world we live in. You are, of course, free to scream > that they are all idiots and fools and morons who are not listening > to your divinely-inspired wisdom. Me, I'm going to grit my teeth, > say, "well, let me see if I can help them not make a complete hash > of things," and engage the world as it is. > No I'm not screaming. It has nothing to do with me having more wisdom than others. I just want to learn from the past and put 10% more energy in having a more secure system. I'm just saying that there are better ways to solve the same problem while you defend your position with phrases and rhetoric and not with arguments. Let me exaggerate of what it sounds to me, what you are saying: There is a nuclear power plant build next to a volcano on the shore of an ocean and just on top of the boundary points of two tectonic plates. I'm saying. Hey guys thats stupid, shouldn't we build wind engines or wave power machines here instead and shut down the nuclear power plant? The volcano is active, tsunamis do happen here and let's not forget about the earthquakes. And you are saying: "You are, of cause, free to scream that they are all idiots and fools and morons who are not listening to your divinely-inspired wisdom. Me I'm going to grit my teeth, say, "well, let me see if I can help them not make a complete hash of things," and engage the world as it is." It is valid to say: Yes this is stupid but we need to secure the system on a short term perspective as it is but we need to do something better on the long run. But from what you are saying and how you are behaving I only get: The world is stupid. I won't change it but I will help to make the outcome of the stupid things not have such a bad effect. But I will defend the overall stupidity behind it because the stupidity is done and that is how the world is. And there are people saying "We are not going to change it." > Did you read the part about the ex-CEO breaking into my apartment > and accessing my PC? Come on, man. My *personally owned* > certificates were compromised. How much worse could it really have > been if he'd chosen to improperly use my *corporately owned* > certificate? > Yes, I said I read the story. And ones you discovered your personally owned certificates were compromised you revoked them, made new ones and you were aware of the fact that they might be misused and could be more cautions over a period of time. But your corporate certificates could have been misused from the beginning without stealing them first from you by design of the system you defend. Can you see the difference? >> And as a side note. Your answer to my other mail completely >> missed my point. I was saying that you are using phrases and >> rhetoric rather than arguments to try to defend your point. > > If you haven't been seeing arguments, then I respectfully suggest > reading closer. > I didn't say you are *only* using phrases and rhetoric. I admit you are also using badly designed examples which most of the time, if you think them through, are not helping your point. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEAREKAAYFAlNnTs4ACgkQ/6vdZgk46shx0wCePfgKmiv3wpOQl/n8bnR7WhEA puYAn0UWyjiplyGQUoIrkdqY5/dQV3cs =BxdB -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users