Is the OpenPGP model still useful?
Mark H. Wood
mwood at IUPUI.Edu
Wed Apr 27 17:09:00 CEST 2011
o Agreed: OpenPGP is difficult.
o Media-hopping: each segment can be treated separately. The users
know there is a thread of conversation but the technologies do
not. So, is this point relevant?
o Who is the attacker? A government with sufficient motivation and
money should have little trouble getting carriers to inform them of
who is involved in a given flow in near realtime (say, by forwarding
the log streams out of their RADIUS servers), and matching that
to a watch list is trivial. These are exactly the people who would
be doing large-scale collection. A personal rival probably
couldn't afford it. (This is directed at the "distinguishment"
Today the chief difficulty for a state really isn't technical or
financial, but legal.
o "Encrypt each communication (Facebook post, SMS, whatever) with a
random 40-bit key. Throw the key away. Send it." Isn't that what
we do now? Or do you mean: encrypt *everything*; don't ask, just
make encryption the default for all communication. I could get
behind that. (I've argued for some time that we ought to do away
with HTTP-not-S, not-S-SMTP, etc. and this just extends the
argument to another layer.)
o Agreed: most people don't care about most of their messaging.
o Just so long as those who *do* care can plug in or wrap on something
stronger and more manageable if they wish.
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.