On 06/02/15 01:21, Matthias-Christian Ott wrote: > If they provably don't sign their firmware or incorrectly check the signature > and are not responsive, perhaps it would be helpful to talk to them through > third parties like BSI or S-CERT
Why?! Why would I do that?! I do like to think of myself as a bit altruistic, but seriously, why would I go through all that effort? Thanks for making me smile. It does a person good. Furthermore, I am a bit tired of this subject, forgive me for not answering most of what you say. I get the impression you're not picking up on what I'm trying to say, and that becomes a bit tiresome. >> I'm absolutely sure nobody made that claim. More miscommunication galore? >> ;) > > Werner Koch suggested it (<87y4oen5lx....@vigenere.g10code.de>). If you would link[1] to the mailing list archives I wouldn't have to open the (what Thunderbird calls) "message source" to visually compare the Message-ID on a likely message. Anyway, that wasn't such a long mail. It sure doesn't contain your suggestion. You're really doing a lot of extra interpretation and inference if you take that suggestion from: > I think such a discussion is important and belongs here. I see no > reason to discuss the need for 8k or even 4k keys if we neglect to > discuss hardware or malware based attacks. In fact the immediate need > for very large keys is mostly an academic exercise while the latter are > real threats. To me, it says that 4k or 8k keys are not the weak spot of a cryptosystem. And that we should discuss weak spots on this list. Thank you for your contribution in that. But it sure as hell doesn't say that a smartcard keeps you safe when you're working on a compromised system. > If somebody wants to discuss or answer these questions that I'm asking myself > for years, I will be happy to continue the discussion otherwise I'm out of > it. Glad we agree on that at least. Cheers, Peter. [1] http://lists.gnupg.org/pipermail/gnupg-users/2015-February/052344.html -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
