On Dec 5, 2007 11:46 AM, new_guy <byte8bits@...> wrote:
> Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
> user community? Knowing that xyz binary is signed by OpenBSD for
> distribution or abc email came from an official OpenBSD source is a good
> thing. Trojaned binaries and forged emails happen. PKI can help mitigate
> this. The benefit of PKI is widely known and accepted and does not need to
> be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
> does not use it, that's all I'm saying. I also thought there would be a real
> reason for not doing so and there may in fact be and I may just be unaware
> of it.
What are the risks you are trying to address? What are the widely
known benefits of PKI? Who downloads and installs OpenBSD binaries
*FROM AN EMAIL*?
Would you consider Bruce Schneier to be knowledgeable about PKI? Have you read:
http://www.schneier.com/paper-pki.html

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted." -- Gene Spafford