gpg "simplified"?

Robert J. Hansen rjh at sixdemonbag.org
Thu Aug 23 19:07:57 CEST 2012


On 08/22/2012 02:59 PM, peter.segment at wronghead.com wrote:
> GPG is on the other hand so tightly integrated with WOT that no 
> matter what, it is unavoidable that any user will sooner or later 
> stumble upon some of WOT anatomy or physiology minutia, and that 
> will have at least one of two rather detrimental consequences:

As has been pointed out to you by at least two separate people, by
having a single trusted introducer who serves as the gatekeeper for the
entire system this problem goes away.

The problem you are talking about is routine.  I faced it when I was the
chief sysadmin for a law firm and deployed GnuPG to 150+ desktops.
Pretty much anyone who has ever deployed GnuPG and/or PGP has faced it.
Solutions to this problem exist, are well-known, and pretty thoroughly
tested.

Deploying PKI is nowhere near as big of a problem as convincing people
that PKI adds benefit to their lives.

> This thinking pretty well follows the contemporary computer
> security dogma: the user need not understand any of the
> [underlying] concepts, the user just has to trust whoever has
> designed and implemented the system.

You don't need to understand statics, the modulus of compression, the
difference between shear and torque, the modulus of expansion, or any of
those other things to use a bridge: you just walk or drive across it.
For those who build the systems, of course they need to understand it in
detail.  Users, though, need to be insulated from these things as far as
is practical.

Right now the number one thing killing PKI is the fact nobody wants to
adopt it.  If you state, "well, before someone can use PKI they must
understand the underlying concepts," you're automatically selecting for
the upper 1% of computer users.

I think the other 99% deserve better.

> It's not to say that Alice must be proficient in the design of 
> crypto algorithms, but she ~must~ understand and have the
> confidence in data formats and the protocols.

One of the data formats used in GnuPG is PKCS12.  I doubt that anyone on
this list fully understands the PKCS12 data format and protocol.  A
while ago Werner condemned it as "even by ASN.1 standards a nightmare to
parse."  You don't want to hear my opinion on parsing PKCS12: my
language would make the lands near me barren.

If you say Alice *must* understand and have confidence in the data
formats and protocols, well, where do you draw the line?  Because if you
draw the line at a very high level, then you're adopting my position.
If you draw the line at a very low level, then you're saying she needs
to understand how PKCS12 works.  And if you draw the line anywhere in
between, then you're adopting my position but just quibbling over
precisely where you want the line to be drawn.

(Now, it's true that PKCS12 is normally not used as part of OpenPGP;
it's more closely associated with GnuPG's S/MIME code.  But I trust that
the point is made.)
