GnuPG cryptographic defaults on the 2.2 branch [was: Re: [Announce] GnuPG 2.2.1 released]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 21 17:32:11 CEST 2017


On Thu 2017-09-21 03:07:04 -0400, Ineiev wrote:
> On Wed, Sep 20, 2017 at 12:59:09PM -0400, Daniel Kahn Gillmor wrote:
>> The goal of cryptographic software is to defend against cryptanalytic
>> attack, to make it *more* expensive than, say, physical compromise.
>
> In many cases I'd prefer a cryptanalytic attack against my key
> to a physical attack against my person---if I were able to choose.

I'd prefer to not be attacked at all -- if I were able to choose. :)

Do you think we should avoid the use of cryptography entirely, so that
network-based adversaries can monitor us from a distance without getting
too close?  Your adversary being able to secretly attack your data from
a distance without touching you doesn't somehow protect you from being
attacked "IRL" in the long run.

In many cases, surveillance and privacy violations are the first step
toward other negative consequences to the surveilled party, up to and
including physical attacks against your person.

Keeping your data cryptographically protected, whether at rest or in
motion, is a way to defend yourself from physical attack, not to
encourage it.  Please don't advance this false dichotomy.

        --dkg