On 2015-02-04 23:07, Peter Lebbing wrote: > On 04/02/15 21:44, Matthias-Christian Ott wrote: >> There are enough examples of vendors that introduced government backdoors in >> their proprietary products to come to the conclusion that it is probably not >> a good idea to use proprietary software or hardware if your threat model >> includes government backdoors and you want to defend against them (of course >> that doesn't mean that it is impossible to verify that a proprietary product >> does not contain a backdoor but it is unarguably a lot harder). So I don't >> know how speculating that a particular vendor of proprietary hardware and >> software implants backdoors in its products does move the discussion >> forward. > > What about non-governmental attackers who are able to update your reader > firmware through an evil maid attack or the like? You seem to imply that > hacked > reader firmware is necessarily by a government or the manufacturer.
You could protect against this scenario by signing the firmware. In some countries "the government" can legally force the manufacturer to sign "the government's" firmware. > I don't think "it's easier to hack than comparable equipment from competitors" > is a particularly compelling argument, though, to be honest. I didn't make this argument. Regards, Matthias-Christian _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users