On Thu, 11 Sep 2008, Robert J. Hansen wrote:
 . . .
My rephrasing would be,

"Using GnuPG doesn't make your communications perfectly secure: however,
it potentially makes your communications a heck of a lot more secure
than you'd be without it."

A heavy emphasis needs to be placed on 'potentially'.  The elephant in
the middle of the room is just how much uncertainty there is within that
word.  It isn't so much the uncertainty which bothers me, but how
nigh-impossible it is to pin it down.
 . . .

Right.  One suggestion would be to try to identify as
many as possible tactics each of which by itself should
contribute some amount to security, then do one's best
evaluation of combining them pairwise all possible ways,
then triple-wise, etc. (basic combinatorics) to see if their
effects when combined are at least not negative and hopefully
supportive of security.  Like the beginnings of crude science,
maybe even of some formal analysis.  Then use what looks best
so far, always keeping one's eyes open for more information.

Not a guarantee, and not pinning anything down tightly
(unless one gets lucky), but is one way of getting the
squirrels at least into a bag and not out chewing on
the phone line, while looking for more exact solutions.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
