Bugtraq mailing list archives

Re: GnuPG weak as one guy with a spare laptop.


From: "Forrest J. Cavalier III" <mibsoft () mibsoftware com>
Date: Fri, 17 Mar 2006 14:35:02 -0500

obnoxious () hush com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What is your point exactly? How secure are Verisign, Thawte or
> anyone else's servers outside of them just stating "We take X
> Precautions".

Do you argue "Some chains are weak" implies "All chains are weak"? Please explain. I missed it.

I'll agree that software and certs from Verisign, Microsoft, Sun, Yahoo, Citibank are also only as safe as those "X precautions".

What's your point in bringing them up? I don't trust their cryptography software the way I trust GnuPG, so I'm not interested in discussing them specifically.

It's easy to get "gpg --verify" to exit(0), but what that exit code _means_ matters to me, and that is determined by the precautions at the end points.

Do you have any knowledge of what those X precautions are, or if they can be improved for GnuPG?

Forrest

P.S. I forgot to mention that I appreciate the honesty of Werner Koch's "spare laptop disclaimer." Big corporations should be as transparent and honest. Truth is there are many who are more lax than Werner Koch, but say they are more diligent.
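
The point above about what a zero exit from "gpg --verify" means, shown on the verifier's side as an added example that is not part of the original post: gpg exits 0 for a good signature from any key in the keyring, so the check below reads the --status-fd lines and accepts only a pinned fingerprint. The function name check_status, the fingerprints and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# With real gpg, status lines go to stdout and human text to stderr:
#   gpg --status-fd 1 --verify file.sig file 2>/dev/null | check_status "$PINNED"

# Constructed fingerprints: the key we decided to trust, and another
# key that merely happens to be in the keyring.
PINNED=0123456789ABCDEF0123456789ABCDEF01234567
OTHER=FEDCBA9876543210FEDCBA9876543210FEDCBA98

# Constructed status output. gpg would exit 0 for the first two samples.
SAMPLE_PINNED="[GNUPG:] GOODSIG 89ABCDEF01234567 Release Key <rel@example.invalid>
[GNUPG:] VALIDSIG $PINNED 2006-03-17 1142624102 0 3 0 17 2 00 $PINNED"
SAMPLE_OTHER="[GNUPG:] GOODSIG FEDCBA9876543210 Other Key <other@example.invalid>
[GNUPG:] VALIDSIG $OTHER 2006-03-17 1142624102 0 3 0 17 2 00 $OTHER"
SAMPLE_BAD="[GNUPG:] BADSIG 89ABCDEF01234567 Release Key <rel@example.invalid>"

# Read status lines on stdin; succeed only if every valid signature
# was made by the pinned primary key and nothing was flagged.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # Bad, unverifiable, expired-key or revoked-key signatures.
        $2 == "BADSIG" || $2 == "ERRSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing key fingerprint; field 12 is the
            # primary key fingerprint when gpg reports one.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1
            else other = 1
        }
        END { exit (ok && !bad && !other) ? 0 : 1 }
    '
}

# Demo over the constructed samples.
for sample in "$SAMPLE_PINNED" "$SAMPLE_OTHER" "$SAMPLE_BAD"; do
    if printf '%s\n' "$sample" | check_status "$PINNED"; then
        echo "accept"
    else
        echo "reject"
    fi
done
```

Pinning the fingerprint only settles which key signed; how much that signature is worth still rests on how the key holder protects the key, as the message says.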


