23 Mar
2013
23 Mar
'13
7:07 a.m.
Marc Weber
The only safe way is acceptnig keys from people you know don't view pdf using adobe reader,
I don’t…
who don't browse the web (neither use flash) etc.
I only browse the web (in general) from a diskless virtual machine.
And then still you also have to know that their email account password is reasonable strong ..
I don’t think you need to know that: you need to know that their signing key password is strong, that they’ve never entered it into a machine with a keylogger running, and no-one has shoulder surfed them. Oh, and that no-one can blackmail or torture them :-P -- Jón Fairbairn Jon.Fairbairn@cl.cam.ac.uk