Is the OpenPGP model still useful?

Marcio B. Jr. marcio.barbado at gmail.com
Tue Jul 26 20:44:49 CEST 2011


Hi Daniel,

On Sat, Jul 23, 2011 at 2:21 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 07/23/2011 07:04 PM, Marcio B. Jr. wrote:
>> On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>>>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
>>>> Diffie-Hellman key exchange method with block ciphers.
>>>
>>> Why is this a problem?
>>
>> You know, secrets are shared. 100% increase (at least) in "exposing" risks.
>
> I am struggling with how to respond to your messages since i find them
> confusing.


Ok, I am grateful for that struggle.


> Are you aware that the purpose of OTR is to allow two parties to
> communicate confidentially?


Right now, I'm trying to study OTR within some US Fifth Amendment
contexts. So I'll answer that in a later time.


> OpenPGP itself uses this sort of symmetric encryption to encrypt
> messages with a random session key, and only uses asymmetric encryption
> to encrypt the session key itself.


So, say, my subkey's public part encrypts some session key, not the
message itself?


Regards,



Marcio Barbado, Jr.



More information about the Gnupg-users mailing list