[Tickets #12099] Re: create gpg keys for the 21th century
noreply at bugs.horde.org
Mon Mar 18 11:25:04 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12099
------------------------------------------------------------------------------
Ticket | 12099
Updated By | o+horde at immerda.ch
Summary | create gpg keys for the 21th century
Queue | Horde Base
Version | Git master
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch | 1
Owners | Michael Slusarz
------------------------------------------------------------------------------
o+horde at immerda.ch (2013-03-18 11:25) wrote:
> IMHO the length of the key is the least of your worries here.
>
> Unless you have ultimate trust in the person who is administrating
> the webserver (ie, *you* are the one in charge), there is no
> guarantee that nobody has access to your private key. As an
> administrator it would be trivial to log the passwords of private
> keys (if any) and the keys themselves are also present.
>
> If confidentiality is really an issue, you shouldn't be using PGP
> (or S/MIME) in Horde in the first place.
So your argument is like, why do you lock the door, the janitor has a
key anyway...
I mean it's all a question of your threat model and I agree that using
PGP in Horde is considerably less secure (as in applies to a weaker
threat model) than using it locally, but that doesn't mean that you
should just not care about the key.
If this does not convince you why we should increase key length, look
up forward secrecy.