[Haskell-cafe] Ticking time bomb

[Jon Fairbairn]

Marc Weber <marco-oweber at gmx.de> writes:

> The only safe way is acceptnig keys from people you know don't view pdf
> using adobe reader,

I don’t…

> who don't browse the web (neither use flash) etc.

I only browse the web (in general) from a diskless virtual
machine.

> And then still you also have to know that their email account password
> is reasonable strong ..

I don’t think you need to know that: you need to know that their
signing key password is strong, that they’ve never entered it
into a machine with a keylogger running, and no-one has shoulder
surfed them. Oh, and that no-one can blackmail or torture them
:-P

-- 
Jón Fairbairn                                 Jon.Fairbairn at cl.cam.ac.uk