On Tue, 2004-07-20 at 00:47, T. Joseph CARTER wrote:
[snip]

Unless you have a trusted computing device in your hands, it is
impractical to learn about public key cryptography, learn the basics of
GnuPG, create a key, and have it signed all in one go. 

I am trying to figure out how to have a trusted machine; the trouble is that there just doesn't seem to be a good way to do this. If you boot to a Live CD, for example, who's to say that it isn't tainted?

Is there a "golden trusted secure" iso out there for a live CD that has an MP5 signature that validates the system as clean? Surely there has to be a way to boot to an external medium (floppy, CD, USB, whatever), initiate an SSL connection to a site and have the site certify that the machine is "clean." If there's any doubt on the part of the user, run it again before executing the pgp key generation algorithm. Even better, the system could have a "clean daemon" to signal a warning if the system is somehow changed.

Perhaps something like this:

  http://tinfoilhat.shmoo.com/

[snip]

Probably the group who could create keys in one go like that would be more
interested in the meta-discussion I was hoping to have at this keysigning
about smart cards or USB keys or other external key storage devices which
can be as physically secure as your person and theoretically quickly
destroyed if the risk of it being compromised is great.  (That's one of
those bits of paranoia that most people would want justified, I'm sure.)

I think this is excellent. I'd like to learn more.


-Cooper
-- 
--------------------------------------------------------------
| Cooper Stevenson        | Em:  [EMAIL PROTECTED]            |
| GenCom                  | Ph:  541.924.9434                |
| "Working For IT"        | Www: http://www.gencom.us        |
--------------------------------------------------------------
_______________________________________________
EUGLUG mailing list
[EMAIL PROTECTED]
http://www.euglug.org/mailman/listinfo/euglug
