Is the OpenPGP model still useful?
Mark H. Wood
mwood at IUPUI.Edu
Wed Apr 27 17:09:00 CEST 2011
Some thoughts:

o Agreed: OpenPGP is difficult.

o Media-hopping: each segment can be treated separately. The users
  know there is a thread of conversation but the technologies do
  not. So, is this point relevant?

o Who is the attacker? A government with sufficient motivation and
  money should have little trouble getting carriers to inform them of
  who is involved in a given flow in near realtime (say, by forwarding
  the log streams out of their RADIUS servers), and matching that
  to a watch list is trivial. These are exactly the people who would
  be doing large-scale collection. A personal rival probably
  couldn't afford it. (This is directed at the "distinguishment"
  factor.)

  Today the chief difficulty for a state really isn't technical or
  financial, but legal.

o "Encrypt each communication (Facebook post, SMS, whatever) with a
  random 40-bit key. Throw the key away. Send it." Isn't that what
  we do now? Or do you mean: encrypt *everything*; don't ask, just
  make encryption the default for all communication. I could get
  behind that. (I've argued for some time that we ought to do away
  with HTTP-not-S, not-S-SMTP, etc. and this just extends the
  argument to another layer.)

o Agreed: most people don't care about most of their messaging.

o Just so long as those who *do* care can plug in or wrap on something
  stronger and more manageable if they wish.

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.