> Of course smart cards aren't some kind of magic bullet, but if the > goal is to drive wider adoption of GnuPG and OpenPGP based > cryptography, I can't shake the feeling that smart cards are a huge > part of the answer. Thoughts?
(ObWarning: no facts, just opinions.) I think the biggest problem we face, to be honest, is our conviction that there's an answer out there and we just have to find it. It seems to me far more likely that it's like curing cancer -- if/when we finally cure cancer, we won't cure cancer, because there is no single thing, "cancer". Cancer is a name we give to literally thousands of distinct different diseases which have exactly one thing in common: uncontrolled cell growth. Leukemia isn't glioblastoma, and my wanting to keep my email safe against sneaking sysadmins isn't the same as a human rights worker in Syria who's living under persistent surveillance. In a similar vein, I don't think we will ever reach "the answer" for email crypto. There are too many people with too many different use cases, skill levels, threat models, needs, and so on. Our obsession with finding "the answer" seems to blind us to the possibilities of making small positive changes in small communities, with the idea that if we do this enough times, for enough small communities, we might be able to make a difference overall. So -- no, I actually don't hold out much hope for your project. Smart cards are not part of the answer, because I don't think there's an answer to be had. But smart cards could definitely be a part of many small answers. :)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
