gpg "simplified"?

[peter.segment at wronghead.com]

Thank you for your comprehensive comments,

On 22/08/12 03:16, Faramir - faramir.cl at gmail.com wrote:
>    I think you are wrong about that. All the user needs is a properly
> configured portable install of GnuPG (and very likely, an easy to use
> GUI, because if Allice can't understand WOT, probably using CLI won't
> make her happy at all).

FWIW, this is not our assumption. Alice is far from a "computer
illiterate" and such simple CLI interaction is for her a trivial
exercise.

GPG is on the other hand so tightly integrated with WOT that no matter 
what, it is unavoidable that any user will sooner or later stumble
upon some of WOT anatomy or physiology minutia, and that will have
at least one of two rather detrimental consequences:

a) with insufficient knowledge of the WOT model, Alice will take
a "wrong turn" and therefore impact the overall security of the group;

b) Forced to deal with things she doesn't fully understand, Alice will
lose the confidence in the security the system provides.

The second point is worth elaborating upon. Somewhere else you say:

 > Allice doesn't need to know what it does...

and:

 > Then the end user will never have to bother about what is a WoT. GPG
 > and the group manager will handle that part. End user just need
 > updated public keyring.

This thinking pretty well follows the contemporary computer security
dogma: the user need not understand any of the underlaying concepts,
the user just has to trust whoever has designed and implemented
the system.

In our case, that is simply wrong. Alice is no fool, Alice is (probably)
a medical or technical professional, Alice is reaing the papers, Alice
knows that computer security is full of holes, and unless she, herself,
has a reasonable knowledge of the system upon which ~her~ security
depends, if in doubt, she will respectfully decline to participate in
the activities of the group this system is supposed to serve. What she
doesn't understand *is a liability*. Not all liabilities can be avoided,
but they certainly must be minimized. It's not to say that Alice must
be proficient in the design of crypto algorithms, but she ~must~
understand and have the confidence in data formats and the protocols.

>    I have GPG with GPGShell on my USB flash drive, and I can encrypt,
> decrypt, and generate keys quite easily. Of course I can do a lot more
> things, but I'm not forced to do any other thing. And since GPGShell
> is JUST a GUI,that e that means GPG can do the same things from command
> line, and unlike GPGShell GUI, it is available for windows, linux, etc.
>
>    Now I already said that, I must also say I don't enter my private
> key passphrase in a computer I don't trust. In fact, I don't remember
> if I ever used my portable gpg, other than to test if it works. I
> carry it with me just in case I go to visit my father, and for any
> strange reason, I want to decrypt a file I have at my 4shared account.
> I know his computer is probably safer than mine, since he uses it just
> for work, he doesn't install stuff on it, and so on.

Alice (in the most common usage scenario) carries with her a USB stick
that has no file on it that, unless it is broken cryptographically, is
anything other than a stream of random bytes. The three (or a single)
programs that we are considering here are either downloaded from a
public web site and jettison after the use, or are on a CD that is not
in her possession when she is in any danger of being confronted by an 
adversary.

Peter M.