dshaw at jabberwocky.com
Wed Mar 3 21:30:42 CET 2010
On Mar 3, 2010, at 11:16 AM, Mark H. Wood wrote:
> On Fri, Feb 26, 2010 at 03:53:27PM +0000, MFPA wrote:
>> There are privacy issues, especially if user-ids on the key contain
>> email addresses. In some cases, the authorities knowing an individual
>> used encryption could be a problem.
> There are issues of tradecraft, then. Using OpenPGP as a tool for
> committing crimes is kind of stupid. There are more secure methods
> for a closed community to secure its lines of communication. If one
> chooses the wrong tool for a job, or chooses to use it incorrectly, no
> blame attaches to others for the consequences of one's choice.
I basically agree. I'd say it a little differently as "Using OpenPGP as it is commonly used on the net (with keyservers, and signing parties, and such) as a tool for committing crimes is kind of stupid.". I think you could do very well using OpenPGP in a nefarious manner, but you'd have to use it in a different way than it is commonly used on the net. Which is fine - the various OpenPGP implementations are tools, and tools can be used in many different ways, both correctly (meaning "accomplishing what I'm trying to do in a safe and sane way") and incorrectly (meaning "not").
> I feel there is a strong assumption among OpenPGP users that our
> community is, *ahem*, open.
More information about the Gnupg-users