On 03/07/2019 14:00, Roland wrote:
> 1/ Perhaps the fear of compromised communication (including
> distributed software, private messages) can be mitigated by
> practicing short feedback lines: confirmations. Like "did you get my
> communication, what did it say?"

If your communication pathway is untrustworthy, it is more effective to use multiple independent lines of communication than multiple messages over the same channel. This is still not foolproof, but it significantly increases the difficulties faced by an attacker. That said, if you've already leaked your secrets over the insecure channel it may be too late for you.

> 2/ Perhaps one should not give too much trust to a WoT at all. After
> all, a crook can pretend to be a friend, and thus yield the entire
> WoT untrustworthy

This is not quite true - if I am the recipient of a message, I must explicitly assign "signing trust" to all the links in the signature chain, in addition to assigning "identity verification" to the root of that chain. I can also assign "marginal trust" so that more than one verification pathway is required, to protect against duplicitous individuals. But you're right, these subtleties are why WoT never took off. :-)

-- 
Andrew Gallagher
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
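
The trust calculation described in the reply above, as an added example that is not part of the original message and is not GnuPG's code. It is a simplified model: the key names and signatures are constructed, and the thresholds (one fully trusted signer or three marginally trusted signers, chain depth 5) are assumed to match GnuPG's documented defaults for `--completes-needed`, `--marginals-needed` and `--max-cert-depth`.

```python
# Simplified model of Web-of-Trust key validity (illustration, not GnuPG code).
FULL, MARGINAL = "full", "marginal"

def valid_keys(me, sigs, ownertrust, completes=1, marginals=3, max_depth=5):
    """Return the keys considered valid from `me`'s point of view.

    sigs:       signer -> set of keys that signer has certified
    ownertrust: key -> FULL or MARGINAL signing trust assigned by `me`;
                keys absent from the map have no signing trust at all
    """
    trust = dict(ownertrust)
    trust[me] = FULL                      # my own key anchors every chain
    valid = {me}
    for _ in range(max_depth):            # one pass per link in the chain
        tally = {}
        for signer in valid:
            level = trust.get(signer)
            if level is None:             # valid identity, but not trusted to sign
                continue
            for key in sigs.get(signer, ()):
                if key not in valid:
                    tally.setdefault(key, {FULL: 0, MARGINAL: 0})[level] += 1
        newly = {k for k, t in tally.items()
                 if t[FULL] >= completes or t[MARGINAL] >= marginals}
        if not newly:
            break
        valid |= newly
    return valid

# Constructed sample web: names and signatures are invented for this example.
SIGS = {
    "me":      {"alice", "bob", "carol", "mallory", "frank"},
    "alice":   {"dave"}, "bob": {"dave"}, "carol": {"dave"},
    "mallory": {"evil"},                  # duplicitous signer vouches for a bogus key
    "frank":   {"grace"},
    "grace":   {"heidi"},                 # grace is valid but has no signing trust
}
OWNERTRUST = {"alice": MARGINAL, "bob": MARGINAL, "carol": MARGINAL,
              "mallory": MARGINAL, "frank": FULL}

if __name__ == "__main__":
    print(sorted(valid_keys("me", SIGS, OWNERTRUST)))
```

In this sample a single marginally trusted signer cannot make a key valid alone, and a key that is valid but has no signing trust assigned does not extend the chain.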