key question

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 3 19:25:04 CET 2010 

On 03/03/2010 11:16 AM, Mark H. Wood wrote:
> On Fri, Feb 26, 2010 at 03:53:27PM +0000, MFPA wrote:
>> There are privacy issues, especially if user-ids on the key contain
>> email addresses. In some cases, the authorities knowing an individual
>> used encryption could be a problem.
> 
> There are issues of tradecraft, then.  Using OpenPGP as a tool for
> committing crimes is kind of stupid.  

Can we not go down this line of argument, please?  Not everything that
"the authorities" frown on is criminal, and not every action in
opposition to the law of some given state is necessarily immoral.  I'm
sure this isn't true about $yourowncountry, but please consider the
situation for citizens of $thatevilcountry.

OpenPGP is a tool for encrypted and/or authenticated communications.  If
we were to declare from the outset that OpenPGP is not (and will never
be) a good tool for use by people struggling against oppressive regimes,
we would strand a significant proportion of people who have a strong
legitimate need for encrypted and authenticated communication.

What a waste that would be!

> There are more secure methods
> for a closed community to secure its lines of communication.

If the community in question is a geographically-distributed one, and
the tools are used wisely, OpenPGP can actually be a pretty good choice.

> I feel there is a strong assumption among OpenPGP users that our
> community is, *ahem*, open.

Speaking as one user of OpenPGP, I do not share your assumption.

The "Open" in OpenPGP refers to the nature of the standard: the standard
is public, well-documented, and peer-reviewed.  Anyone is free to
implement it, and there are public discussions around the nature of the
standard itself.

The "Open" in OpenPGP does *not* refer to any broader sense of
transparency among its userbase, or even a requirement for
implementations of the standard itself to be open (GPG is free software,
but other implementations of OpenPGP are not).

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100303/ee041926/attachment-0001.pgp>

More information about the Gnupg-users mailing list