(repatriating to the thread) On 01/08/12 22:13, ved...@nym.hush.com wrote:
> http://www.angelfire.com/mb2/mbgpg2go/tp.html Useful reference, thank you. It would follow from there that (as I suspected) gpg 1.4.12 code base is the best candidate for the fork.
caveat: You are the judge of what your threat model is...
Of course. (well, not me personally - I'm just one among a number of individuals this group of users has asked to comment on the various ways of going about constructing the programs with the desired functionality). Unlike gpg, which is a piece of "for-public" software that must be capable of resisting all kinds of different threats, because it is almost universally deployed with no prior user-specific threat analysis, the hypothetical "trampCrypt" (my term) suite we are discussing here is intended for a group that has performed a very thorough, *group operation specific* threat analysis. One of the most important results of this is that it has been determined there is absolutely no threat of "recipient impersonation", and that, potentially, provides for much leaner code and much simpler operation (when compared with the "for-public" gpg). One of the less important results was that malware was found not to be a significant threat, which is why I'll ignore the subject of malware from now on, and would like to politely ask others to do the same. Peter M. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
