GnuPG cryptographic defaults on the 2.2 branch [was: Re: [Announce] GnuPG 2.2.1 released]

Ineiev ineiev at
Thu Sep 21 18:40:17 CEST 2017

On Thu, Sep 21, 2017 at 11:32:11AM -0400, Daniel Kahn Gillmor wrote:
> I'd prefer to not be attacked at all -- if i were able to choose. :)
> Do you think we should avoid the use of cryptography entirely, so that
> network-based adversaries can monitor us from a distance without getting
> too close?  Your adversary being able to secretly attack your data from
> a distance without touching you doesn't somehow protect you from being
> attacked "IRL" in the long run.

There are adversaries and adversaries. I met people who were happy
with adversaries like their government reading all their data, but not
with adversaries like their ISP logging the sites they accessed
(and vice versa).

> In many cases, surveillance and privacy violations are the first step
> toward other negative consequences to the surveilled party, up to and
> including physical attacks against your person.

In that context, it becomes a matter of beliefs.

> Keeping your data cryptographically protected, whether at rest or in
> motion, is a way to defend yourself from physical attack, not to
> encourage it.

IMVHO it depends.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Digital signature
URL: </pipermail/attachments/20170921/d2322990/attachment.sig>

More information about the Gnupg-devel mailing list