standard comment

Robert J. Hansen rjh at sixdemonbag.org
Mon May 25 13:18:05 CEST 2026


> How would this fine community recommend making a standardized comment 
> about keys being used in insecure environments?

Your question sounds like "how can I best mitigate the risks of playing 
Russian roulette?" The answer is elegantly simple: don't play Russian 
roulette. There is no way to effectively mitigate the risks once you 
start playing Russian roulette.

If I were to see a warning like the one you mention, I would read it as, 
"I cannot be trusted to properly employ even basic communications 
security. Everything I'm doing is security theater."

Don't expose your unencrypted private certificate to an untrusted 
environment. It really is that simple. If you don't trust your Android 
environment, don't ever allow your unencrypted private certificate to be 
stored on it, even briefly.


