Em 23-01-2014 09:33, Kevin Chadwick escreveu:
> Why would you have so much trust in the ether unless you have met
> someone with say a DNSSEC key or have a web of trust with someone you
> have met and that you trust and has met and swapped keys further up
> the line. The first key for DNSSEC is almost always untrusted, though
> you can use SSL to check the fingerprint. Surely it takes more
> resources for the NSA to get your particular CD? and surely you should
> be prioritising other concerns than the NSA anyway and would see the
> CD as a valuable extra authentication? Along the lines of what the
> OpenBSD manual says, if the black suits target you, do you really
> believe you can stop them?
It is true that the first key of DNSSEC is always untrusted. But,
there are plenty more ways to check it than the number OpenBSD mirrors.
So the target is much bigger. I use every and any mean possible to
validate things, DNSSEC would make things a little simpler, just it. I
don't trust anything, not even myself. Humans have the tendency o
fucking things up. The same for compromised machines. At least I can try
to keep my machines not compromised. Unless some crazy scientist invents
an injection that cures humans from making mistakes.
I do not believe I can stop any government with loads of money from
compromising my machines. But at the very least I can try to put up a
hell of a fight for them. I do not like to be the low hanging fruit.
Cheers,
--
Giancarlo Razzolini
GPG: 4096R/77B981BC
