On 11/06/2017 10:26 PM, ved...@nym.hush.com wrote:


On 11/6/2017 at 4:55 PM, "Tim Steiner" <t...@crp.to> wrote:

With this solution you can keep the key offline, carry it with you and it  > 
works even on a computer where you can't install software...
>
We are interested to hear feedback on this approach from the community.

=====

Using this on anything except your own computer, or laptop, is problematic...

=====

This is a mantra from another, more gentle time.

Today, there is a whole class of real-world use cases where the
protection of the user demands that it not be known to the adversary
he or she is communicating with someone, as much - or even more -
than it is required that the content of the communication is kept
confidential. If the connection between the user and the computer
is transient, there may well be many instances where the adversary
will not be able to identify the user, even if he manages to learn
the content, and where the content, without the identity of the
communicator, is of very limited value to the adversary.

It therefore appears to me this is a worthwhile project, provided,
like always, *and for any crypto*, the user understands his or her
threat model.



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to