Is the OpenPGP model still useful?

Mark H. Wood mwood at IUPUI.Edu
Wed Apr 27 17:09:00 CEST 2011

Some thoughts:

o  Agreed:  OpenPGP is difficult.

o  Media-hopping:  each segment can be treated separately.  The users
   know there is a thread of conversation but the technologies do
   not.  So, is this point relevant?

o  Who is the attacker?  A government with sufficient motivation and
   money should have little trouble getting carriers to inform them of
   who is involved in a given flow in near realtime (say, by forwarding
   the log streams out of their RADIUS servers), and matching that
   to a watch list is trivial.  These are exactly the people who would
   be doing large-scale collection.  A personal rival probably
   couldn't afford it.  (This is directed at the "distinguishment"

   Today the chief difficulty for a state really isn't technical or
   financial, but legal.

o  "Encrypt each communication (Facebook post, SMS, whatever) with a
   random 40-bit key.  Throw the key away.  Send it."  Isn't that what
   we do now?  Or do you mean:  encrypt *everything*; don't ask, just
   make encryption the default for all communication.  I could get
   behind that.  (I've argued for some time that we ought to do away
   with HTTP-not-S, not-S-SMTP, etc. and this just extends the
   argument to another layer.)

o  Agreed:  most people don't care about most of their messaging.

o  Just so long as those who *do* care can plug in or wrap on something
   stronger and more manageable if they wish.

Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.