Which segment of users are these? ...
... surprising lesson we learned was that we had absolutely
no idea who our users were.
When it comes to communication security software, there
is a built-in shortcut: start not by thinking who the
users are, but instead who their adversaries are.
That point of departure in Laurie-Singer paper is valid on
two counts: the client can be subverted accidentally - by
malware or bug in a hundreds of OS components and/or
applications that populate what they call "general-purpose
system", or it can be actively subverted by the adversary
that can buy, convince or coerce the cooperation of the
operating system vendor that continuously manipulates the
platform under user's posterior in completely non-transparent
manner.
Both authors of that paper - and the users facing such
adversaries (let's call them "Southern intelligence agencies"
to avoid bringing our possible geographical biases into
applied cryptography discussion) - see the solution in
clear-text *and* crypto-operations resident only on an
air-gaped device.
...nothing wrong with being in that fraction. However, I think you are
probably massively overestimating how big your fraction is, or the more:
degree to which your fraction's desires should be guiding GnuPG development.
I believe that fraction to be greater than you do, and, more
importantly, I believe it is growing. But regardless of their
numbers, your criticism would be valid if they were asking for
*more*: i.e., features and code additional to what the product
currently provides. But quite the opposite is the case: they
are asking for *less*; the most important quality of that "less"
would be the ability to accommodate the MO Laurie and Singer
suggested decades ago. And not using their elaborate Nabucodonosor,
but a perfectly adequate (for their purpose) substitute: an
Asus Eee PC pulled out of the electronic recycle bin.
R.B.
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
