gpg "simplified"?

peter.segment at wronghead.com
Thu Aug 2 02:18:14 CEST 2012


(repatriating to the thread)
On 01/08/12 22:13, vedaal at nym.hush.com wrote:

> http://www.angelfire.com/mb2/mbgpg2go/tp.html

Useful reference, thank you. It would follow from there
that (as I suspected) the gpg 1.4.12 code base is the best
candidate for the fork.

> caveat:
> You are the judge of what your threat model is...

Of course. (Well, not me personally - I'm just one among
a number of individuals this group of users has asked to
comment on the various ways of going about constructing the
programs with the desired functionality.)

Unlike gpg, which is a piece of "for-public" software that
must be capable of resisting all kinds of different threats,
because it is almost universally deployed with no prior
user-specific threat analysis, the hypothetical "trampCrypt"
(my term) suite we are discussing here is intended for a group
that has performed a very thorough, *group operation specific*
threat analysis. One of the most important results of this is
that it has been determined there is absolutely no threat of
"recipient impersonation", and that, potentially, provides
for much leaner code and much simpler operation (when compared
with the "for-public" gpg). One of the less important results
was that malware was found not to be a significant threat,
which is why I'll ignore the subject of malware from now on,
and would like to politely ask others to do the same.

Peter M.




More information about the Gnupg-users mailing list