I see, nothing to really clear up. Sorry if you're sensitive. I call a spade a spade when I see one. Maybe a little more security minded than most and simply don't that I should agree with your opinion, that's all. So I'll take another stab at the same question and word it differently now that you've made your points.
Just because a key is generated as root, does that make it any more secure than a key that is generated as a regular user that is not connected to the Internet or any network at all? Keys are transferable. This is also without the hindrance of sniffer programs already running on the given system to capture keystrokes, passwords or what have you. IMHO once the key is generated, I would think it's all over. Doesn't matter if it's ROOT uid'd or not. Therefore, I would not setuid root for a process that can be run as a user with the exact same results. That's why, I value your opinion and other's opinions as well. Excuse my English, it's not one of my talents. If I"m wrong and I probably am, I would sooner make the compromise of having LESS secure email over leaving a security hole for someone to attack given systems with. Just MHO again. So again, the question is, does GPG key generation matter if it's done as root vs being done as a general user who is not connected to any other computers that is not under surveillance ? Thanks. On Wednesday January 22 2003 14:55, you wrote: > Well, I'll have to say, I'm a little unclear about the tone of your email. > Before I make any further response, probably best that I toss it back your > way to clarify whether you found my original response helpful or not. > > Ian > > On Wednesday 22 January 2003 1:09 pm, Garth Meisel wrote: > > Unfortunately, the manual does not give OPINION's. > > Setting UID root is just not going to hapen. > > And, now I'll RTFM again. Brains as tiny as mine only hold so much > > information and this poor little sucker is best defined much like the > > Grinch's sled.
