On 23-01-2015 at 0:29, Robert J. Hansen wrote:
>>> Smartcards exist to keep private keys safe(r) from being
>>> stolen. They do a pretty good job of that. But when we expect
>>> smartcards to be able to somehow make a compromised environment
>>> safe to ...
>>
>> Yes, but maybe you are missing an interesting point...
>
> You're changing the subject slightly. :) The thread is about
> letting a legitimate user continue to safely use the system; you're
> talking about limiting the damage an attacker can do. The two are
> related but different.

Oh, yes, you are right. After all, if the attacker can "steal" a signature, then each time we try to sign something legitimate, the attacker may be able to hijack it and sign something we don't want to sign, and the thing we want to sign will remain unsigned. And even if the attacker can't hijack the signature, malware may very well hijack the email account, etc.

> The idea might be good for damage mitigation; but for permitting
> continued normal operation, it's IMO a non-starter on every level.

Yes, a compromised machine must be cleaned ASAP.

BTW, if somebody is willing to develop such a safety device, I hope it is designed to have a "go ahead" button to press, but not to require entering a PIN code each time. If entering the password to unlock the GPG key too often is unpleasant, doing that on a tiny PIN pad that maybe is not in a comfortable place would be unusable.

Best Regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users