From: Bertrand(_dot_)Ibrahim(_at_)cui(_dot_)unige(_dot_)ch
in the Holy Name of Convenience, many (most?) mailers permit a
passphrase to be cached for some amount of time. A virus could
exploit that.
Ok. So, you're reasoning on the assumption that the user and her system
enginer are both incompetent, that the software being used cannot be trusted
and that a virus is potentially already active on the user's system.
Without belaboring whether the word "incompetent" is appropriate (I
think it is), what is the difference between that hypothetical and
the current real world? Almost all of the bazillions of flavors of
Microsoft virus are based on that same Holy Name of User Friendliness.
No competently designed or implemented system since at least a decade
before those three guys hacked that BASIC interpretor in about 1973
has had the design holes that infest--uh--enhance the user's experience
of all flavors of Windows as installed by default through at least
Windows 98 SE and Window NT 4.0+service pack 6.
I meant that these were my requirements for a reliable system. But, unless I
were to be provided with all the sources and took the time to carefully analyze
them, I would, in the end, still be relying on somebody else's "promise" that
the software doesn't do anything stupid with my private key.....
Do you momentarily cringe when you give your car keys to a mechanic or
parking attendant? Do you give your house keys to every stranger who
expresses an interest in cleaning your drapes or checking your closets
for snipes? How can one not expect to need to perform similar due
diligence with the keys to your data?
Vernon Schryver vjs(_at_)rhyolite(_dot_)com