On Dec 5, 2007 11:46 AM, new_guy <[EMAIL PROTECTED]> wrote:
> Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
> user community? Knowing that xyz binary is signed by OpenBSD for
> distribution or abc email came from an official OpenBSD source is a good
> thing. Trojaned binaries and forged emails happen. PKI can help mitigate
> this. The benefit of PKI is widely known and accepted and does not need to
> be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
> does not use it, that's all I'm saying. I also thought there would be a real
> reason for not doing so and there may in fact be and I may just be unaware
> of it.

What are the risks you are trying to address?

What are the widely known benefits of PKI?

Who downloads and installs openbsd binaries *FROM AN EMAIL*?

Would you consider Bruce Schneier to be knowledgeable about PKI?

Have you read: http://www.schneier.com/paper-pki.html

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted." -- Gene Spafford