> couldn't it also be that the owner/admin of the cloud makes changes to > the keyring? Like adding/removing keys. Dependent on the trust model > (like trust-always) this could be a very bad idea... Or it could result > in a DOS as the evil admin deleted the secret parts of some key pairs..
The biggest risk is the gpg.conf file, actually. If the admin silently adds another "encrypt-to" and you don't notice it, then you're totally hosed. Like I have said -- there are a lot of files in .gnupg that probably should not be hosted in the cloud. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
