--MAH+hnPXVZWQ5cD/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 04, 2003 at 10:56:04AM +0200, Martin Konold wrote: > Am Thursday 04 September 2003 10:36 am schrieb Daniel Stone: > > > In general adding extra "security" features which dont really work on= ly > > > provides people with a missleading impression about their security > > > status. >=20 > > I'm afraid I have to disagree with you here. I leave my screen unlocked= at > > home and generally at work, but mainly because everyone in the office h= as > > sudo access to all the machines anyway, and at home, there are a couple= of > > people with the root password. >=20 > > That does not, however, mean that I want everyone to be able to use my > > GnuPG key >=20 > Your goal is impossible to be reached! >=20 > Everyone having root access to your machine is easily capable to steal yo= ur=20 > passwords/idendentity without you even noticing. The Unix/Linux security= =20 > model simply provides _no_ means to be save from a malicious root. Aside from the fact that I only keep my GnuPG key on a few trusted machines= , and could use SELinux and ACLs if I wanted to, the point remains the same. My G= nuPG key is password-protected with a strong password, anyhow; I really hope you= rs is (if it isn't, I won't sign it, ever). The issue at hand was slightly more generic, I was just making an example. Encryption can defeat root. Of course, if someone *really* wanted my identity, they'd hook a pair of electrodes to my genitals, and get it out of me that way. If people are involved, it's inherently insecure. --=20 Daniel Stone http://www.debian.org - http://www.kde.org - http://www.freedesktop.org "Configurability is always the best choice when it's pretty simple to imple= ment" -- Havoc Pennington, gnome-list --MAH+hnPXVZWQ5cD/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj9XARgACgkQcPClnTztfv2e8QCdEF3QDIXhltnYYRPrS9RC3KA5 6zcAnRZdrDl++/jAXNDT2qYsjgI+4R/0 =YxgY -----END PGP SIGNATURE----- --MAH+hnPXVZWQ5cD/--