Security of the gpg private keyring?

Robert J. Hansen rjh at sixdemonbag.org
Tue Mar 1 02:08:11 CET 2011


On 2/28/11 7:32 PM, Grant Olson wrote:
> Both problems are, as they say in engineering-speak, non-trivial.

And this isn't even getting into the ways such a feature could/would be
abused.  Once you create an enforceable mechanism to say "this key
cannot be propagated by anyone but the owner," someone will find ways to
leverage that into an attack.  I don't know how it would be done: I
haven't done much thought on the subject.  But my suspicion is that
people much cleverer than I am are already thinking on it.

Also, from a political perspective, it's kind of interesting to see the
debate.  This is fundamentally an argument about DRM: certificate owners
claim certain exclusive rights and want technology to facilitate their
exercise of those rights, much as motion picture copyright owners claim
certain rights and want technology to facilitate their exercise of those
rights.  I'm not drawing any moral parallels between the two groups: I'm
just saying I find the dichotomy fascinating.  :)




More information about the Gnupg-users mailing list