Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fosstodon.org/users/bluca/statuses/114636777069609718">bluca (bluca@fosstodon.org)'s status on Thursday, 12-Jun-2025 04:07:40 JST</a><a href="https://fosstodon.org/@bluca" title="bluca@fosstodon.org"><img src="https://gnusocial.jp/avatar/121283-48-20230518163452.webp" width="48" height="48" alt="bluca" style="position: absolute; left: 0; top: 0;">bluca</a><div><a href="https://chaos.social/@agowa338/114636701423831921" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/161170" title="agowa338@chaos.social">Klaus Frank</a></li><li><a href="https://gnusocial.jp/user/252638" title="siosm@floss.social">Timothée Ravier</a></li></ul></div></section><article><p><a href="https://chaos.social/@agowa338">@agowa338</a> <a href="https://mastodon.social/@pid_eins">@pid_eins</a> <a href="https://floss.social/@siosm">@siosm</a> it's not a different use case, it's simply that the threat model you are describing makes no sense. You spent a dozen posts above going against a perceived flaw in a feature because of local attacks, and now you are claiming that it's fine to leave private keys in plain text locally. This is completely contradictory, if you are worried about local attacks, the first thing to do is to never, ever have local signing keys. Average users are not security experts.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5185703#notice-10172333">In conversation</a><time datetime="2025-06-12T04:07:40+09:00" title="Thursday, 12-Jun-2025 04:07:40 JST">about a month ago</time> <span>from <span><a href="https://gnusocial.jp/notice/10172333" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/10172333">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
bluca (bluca@fosstodon.org)'s status on Thursday, 12-Jun-2025 04:07:40 JSTbluca
in reply to
@agowa338 @pid_eins @siosm it's not a different use case, it's simply that the threat model you are describing makes no sense. You spent a dozen posts above going against a perceived flaw in a feature because of local attacks, and now you are claiming that it's fine to leave private keys in plain text locally. This is completely contradictory, if you are worried about local attacks, the first thing to do is to never, ever have local signing keys. Average users are not security experts.
In conversationabout a month ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice