I guess that’s one way to look at it, but if your end users are dissidents and
journalists communicating in happy fun places or developers signing critical
software, then surely you’d want the product to be resilient against 10 year
old trivial attacks from your users’ adversaries. I do understand the “with
what resources” argument; I imagine there is no way of getting around that.
But if that is the end response to stuff like this then it seems more an
argument that people should not be using this software system for important,
serious applications. For the secure communications functionality I suspect
this has been the target end users’ perception for quite some time, and a whole
slew of arguably better secure communications systems have risen to fill that
need - but GPG is still used heavily in signing important files.
-Ryan McGinnis
http://bigstormpicture.com
PGP: 486ED7AD
Sent with ProtonMail Secure Email
On Sun, Jun 30, 2019 at 07:44, Robert J. Hansen <r...@sixdemonbag.org> wrote:
>> What would have prevented a state level actor from activating this
>> exploit on a wide level during a time when it would have been most
>> effective for them?
>
> A nation-state with a professional intelligence service probably isn't
> very interested in taking down the keyserver network. Why should they
> take down something that's not a big priority for them, especially if
> it'll cost them a lot of international goodwill if it gets attributed to
> them?
>
> This has all the hallmarks of a child playing with matches and clapping
> with glee as the house catches fire.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users