From: "Nico Williams" <n...@cryptonector.com>

> What should matter is that malware should not be able to gain control of the device or other user/app data on that device, and, perhaps, that the user not even get a chance to install said malware, not because the malware's signatures don't chain up to a trusted CA but because the "app store" doesn't publish it and the user uses only trusted app stores. Neither of the last two is easy to ensure though

And yet we see things like someone (apparently) sneakernetting a thumb-drive from an infected Internet Cafe to the SIPR network:

<http://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html>

If the USG can't even keep thumb drives off of SIPR, isn't the whole game doomed to failure? (What genius thought it would be a good idea to put USB ports on SIPR-connected boxes, anyway?)

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography