On 04/27/2015 12:36 PM, Peter Lebbing wrote:
> On 27/04/15 11:43, MFPA wrote:
>>> But I suppose it could work if you only use the NFC
>>> functionality when you're in a safe environment such as
>>> your own home.
>> Presumably that would mean keeping your card in an RFID-proof wallet
>> or tin when out and about.
> Well, if the PIN protection actually works (unlike in the affected
> Yubikeys) and you only enter the PIN in an environment where you're sure
> nobody is sniffing the over-the-air data, I suppose you could decide to
> rely on the fact that your PIN is still secret, preventing access to
> unauthorized people.
>
> Peter.
>
Hi,

whether this is a big or minor issue really depends on the use case. In my opinion the perfect use case for the Yubikey NEO's OpenPGP is to respond quickly to confidential but not extremely sensitive email in all environments, which includes mobile phones. Here it's still significantly better to use one with the vulnerability than the most common alternatives: storing the key on the phone or using plaintext email.

Ideally I would like to have one identity with multiple subkeys which also communicate multiple use cases, say

1) confidential: subkey on a Yubikey NEO
2) secret: subkey on a smart-card with an independent card-reader with a pin-pad
3) top secret: offline key

Then the sender could select the right one for the message.

Willy