Le dimanche 27 janvier 2019 à 13:11 +0000, Holger Levsen a écrit : > I *believe* they probably misunderstood evil32.com and it's fallout.
CAs and GNU/Linux distributions are #1 targets for national intelligence agencies. Debian developers are not using smartcards to store their GPG keys, including the master key signing code. It is very likely that Debian master key has been stolen. I would be very surprised if it had not been stolen. One reason why nobody wants to use SSL, including OpenBSD, is that there is a wide belief that SSL private keys have been stolen. Therefore there is no need to use SSL, as it does not offer a real protection. This is simply GAME OVER (part 1 of the game). One reason why I am not using Qubes, is that it does not offer a real protection compared to Debian, as both systems are IMHO compromised. At present, any government with a valid certificate from Intel can use Intel ME backdoor to access all resources from a computer, including keyboard and screen and there is no way to secure an X86 computer. If Qubes was making a wide use of Smartcards with a separate pinpad reader and was using a hardened operating system like OpenBSD or even a hardened GNU/Linux, I would have a closer look at it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d33856a9f5065d64564649bd56b6a0b6d746d7c.camel%40mailbox.org. For more options, visit https://groups.google.com/d/optout.