On Tue, Sep 09, 2008 at 04:32:08PM -0500, Robert J. Hansen wrote: > David Shaw wrote: > >> The conversation we're not having, which I think we should be > >> having, is "how can we have trusted communications on a hostile > >> network when we don't know if we really control our own PCs?" > > > > You can't, of course, so it would be a short conversation :) > > Well, yes, but that's kind of not really what I was aiming to start. :) > > When confronted with the fact many PCs (typically Win32, but there's no > reason to think exclusively so) are compromised without us knowing it, > what then should our response to it be in terms of effective usage of GnuPG?
Teach good security hygiene. Imparting knowledge is pretty much the only thing you can do here. People need to know why they should use an OS that isn't a petri dish of infections, but that even discarding Windows doesn't make you perfectly safe. The quest for *perfect* safety is a doomed one from the start - you can always come up with some reason (however impractical in the real world) why it's not secure enough. Past a certain point you have to say you did the best you could, and move on. That point, of course, varies widely depending on whether you're emailing your friend about going to the movies, or emailing your local revolutionary cabal about taking over the country. So, for a 1-sentence response, how about "Using GPG doesn't make you perfectly secure: it just makes you a heck of a lot more secure than you'd be without it." David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
