[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] SUID bit - how do I set it?
> >>>>> "Chris" == Chris J/#6 <sixie [at] nccnet.co.uk> writes:
>
> Chris> Gnupg doesn't implement ADK's so isn't at risk.
>
> [...]
>
> Chris> One point to remember: changing your version of PGP won't
> Chris> solve the problem when you're receiving encrypted mail as
> Chris> it is the /sender's/ PGP that is at fault.
>
> But doesn't GPG read mail encrypted with PGP? If so, GPG users are at
> risk. I consider the privacy of other's mail to me (in many, perhaps
> the majority, of cases) a more important risk than the privacy of my
> own in the other direction.
Yes it does - the point is that you may be unaware that the message and/or
key has been tampered with because the senders PGP public key may have been
tampered with. At worse, you'll get no warning about the ADK in the key; at
best, a warning about an unknown key. GPG is only at risk due to the weakness
in the senders PGP public key.
>
> If not, you have the pleasant choice from:
> (1) not getting somewhat-secure mail from PGP-only sites
> (2) installing PGP (and you are at risk both ways if you
> communicate with them)
> (3) forcing your correspondents to install GPG, a not necessarily
> pleasant political task.
GPG is currently only really supported on UNIX-type boxes as well, with a
vague Win32 port... no GUI front end or owt.
Chris...
--
@}-,'-------------------------------------------------- Chris Johnson --'-{ [at]
/ "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk \
/ between Sex and Gender. Therein lies the key / \
/ to our freedom" -- LB / www.nccnet.co.uk/~sixie \
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.