> On 06/02/13 02:49, Robert J. Hansen wrote: >> It makes no sense to me to believe that it's somehow possible to have a >> dongle that you can plug into a compromised PC to make it safe (or >> safer) to sign with. > > Can you explain (broadly) how one would compromise the signature/the > device that > you sign with? > > I myself always say "if you don't control your own PC, it's over". I don't > see > however how that compromised PC in this instance can force me to do false > signatures, which is the context I'm placing it in. > > You're still majorly screwed, obviously. An attacker will easily come up > with > some other nasty thing to do to you. Just not issuing false signatures. > > Peter. >
Can't say better than that. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users