> A "vulnerability" that requires the opponent to have write access > to your private key in order to exploit? > > Okay. What was PGP's threat model again? I'd have sworn that this > was squarely outside it. Probably. Do you need only write access? What does that do for smart cards - if anything? -David