gpg 1.4
Robert J. Hansen
rjh at sixdemonbag.org
Thu Jan 15 00:22:29 CET 2026
> Perhaps architects of software such as gnupg should pay more
> attention to the postulate expressed by Ben Laurie and
> Abe Singer in their "...Red Pill and the Blue Pill" paper:
There are a few different responses here:
* If a Google cryptographer says "hey, let's solve this hard problem by
getting into the hardware business!", that's great: Google has the fab
lines to do this if they want. GnuPG lacks a fab plant. You're literally
trying to put the devs on a guilt trip for being a small FOSS project
that doesn't have billions of dollars to throw at R&D prototypes like
the Nebuchadnezzar device. This is not a good look.
* For users who need trusted devices, GnuPG offers smartcard support.
Buy a Yubikey or an OpenPGP card and have fun.
* Google themselves are not jumping on the idea of a Nebuchadnezzar
device. Why should GnuPG?
* If anyone was to deploy something like this it would be Western
intelligence agencies. I'm unaware of any RFPs for such a product. Maybe
there is one and I don't know about it, but ... if Fort Meade isn't
jumping on this and Google's not jumping on this, I'm going to ask the
important question of "why aren't they?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260114/36261dce/attachment.sig>
More information about the Gnupg-users
mailing list