Perhaps architects of software such as gnupg should pay more attention to the postulate expressed by Ben Laurie and Abe Singer in their "...Red Pill and the Blue Pill" paper:
There are a few different responses here:* If a Google cryptographer says "hey, let's solve this hard problem by getting into the hardware business!", that's great: Google has the fab lines to do this if they want. GnuPG lacks a fab plant. You're literally trying to put the devs on a guilt trip for being a small FOSS project that doesn't have billions of dollars to throw at R&D prototypes like the Nebuchadnezzar device. This is not a good look.
* For users who need trusted devices, GnuPG offers smartcard support. Buy a Yubikey or an OpenPGP card and have fun.
* Google themselves are not jumping on the idea of a Nebuchadnezzar device. Why should GnuPG?
* If anyone was to deploy something like this it would be Western intelligence agencies. I'm unaware of any RFPs for such a product. Maybe there is one and I don't know about it, but ... if Fort Meade isn't jumping on this and Google's not jumping on this, I'm going to ask the important question of "why aren't they?"
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
