gpg "simplified"?
vedaal at nym.hush.com
Thu Aug 23 21:23:20 CEST 2012
peter.segment at wronghead.com wrote on Wed Aug 22 20:59:43 CEST 2012:

> FWIW, this is not our assumption. Alice is far from a "computer
> illiterate" and such simple CLI interaction is for her a trivial
> exercise.

...

> In our case, that is simply wrong. Alice is no fool, Alice is (probably)
> a medical or technical professional, Alice is reading the papers, Alice
> knows that computer security is full of holes, and unless she, herself,
> has a reasonable knowledge of the system upon which ~her~ security
> depends, if in doubt, she will respectfully decline to participate in
> the activities of the group this system is supposed to serve.

=====

As Rob pointed out:
"having a single trusted introducer who serves as the gatekeeper for the entire system this problem goes away."

Medical or Technical firms using encryption cannot afford to have their data unencryptable when they themselves need it, and so may resort to one of two general solutions:

[1] ADK's (additional decryption keys) for each employee.
(PGP and some commercial implementations offer them, Gnupg does not.)

or

[2] ALL keys within the company, for all employees, are generated by one sys-admin, who has the copies and passphrases, and gives, to each employee, that employee's keypair, as well as each other employee's public key.

(Maybe Rob can comment on other alternate ways of setting up such systems.)

Now, IF Alice trusts the sys-admin to not do anything malicious (i.e. mis-using her key or others to forge anything, and doesn't mind that the administration will be able to decrypt anyone's encrypted message having to do with company or group matters), then it is very easy to accomplish this through gnupg.

The sys-admin generates all the keys, and distributes the keyrings.
Each keyring has that individual employee's keypair, as well as all the other employees' public keys.
Each key has 'ultimate' trust.
No other WOT issues need to be involved.

Once Alice gets comfortable with gnupg, and wants to use encryption under wider circumstances, and for personal communication, she can then learn the other issues on how to do this safely.
(She can find us on the web, and join this mailing list or others like it, and learn at her own pace ;-) ).

vedaal
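
The central-provisioning arrangement described in the message above (one sys-admin generates every keypair, each employee receives their own keypair plus everyone's public keys, every key marked 'ultimate'), as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; `ADMIN_HOME`, the per-employee `*.pass` files, the output file names, and the RSA-3072 / 2-year parameters are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the post: sys-admin side of central key provisioning.
# Assumptions: GnuPG >= 2.1; ADMIN_HOME is a keyring directory used only for
# company keys and holds one "<email>.pass" passphrase file per employee.
set -eu

# Run gpg non-interactively against the admin's dedicated keyring.
g() { gpg --homedir "$ADMIN_HOME" --batch --quiet --pinentry-mode loopback "$@"; }

# Emit an unattended key-generation parameter block for one employee.
# The passphrase travels on stdin, never on the command line.
keygen_params() {  # $1 = real name, $2 = e-mail, $3 = passphrase
  cat <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: $1
Name-Email: $2
Expire-Date: 2y
Passphrase: $3
%commit
EOF
}

# Turn primary-key fingerprints (one per line on stdin) into records for
# "gpg --import-ownertrust"; level 6 is 'ultimate'.
ownertrust_lines() {
  while read -r fpr; do
    if [ -n "$fpr" ]; then printf '%s:6:\n' "$fpr"; fi
  done
}

provision() {  # $1 = output dir, $2.. = employee e-mail addresses
  out=$1; shift
  mkdir -p "$ADMIN_HOME" "$out"; chmod 700 "$ADMIN_HOME" "$out"
  for email in "$@"; do
    keygen_params "${email%@*}" "$email" "$(cat "$ADMIN_HOME/$email.pass")" |
      g --generate-key
  done
  g --armor --export > "$out/all-public.asc"       # everyone's public keys
  g --list-keys --with-colons |                    # first fpr after each pub
    awk -F: '$1 == "pub" {p = 1} $1 == "fpr" && p {print $10; p = 0}' |
    ownertrust_lines > "$out/ownertrust.txt"
  for email in "$@"; do                            # one secret key per employee
    g --passphrase-file "$ADMIN_HOME/$email.pass" --armor \
      --export-secret-keys "<$email>" > "$out/$email.secret.asc"
  done
}
# Employee side: gpg --import <own>.secret.asc all-public.asc
#                gpg --import-ownertrust ownertrust.txt
```

Calling `ADMIN_HOME=/path/to/admin-keyring provision ./handout alice@example.org bob@example.org` (constructed addresses) fills `./handout` with the files each employee imports; the admin keyring and the `*.pass` files then hold every secret key and passphrase, which is the trust in the sys-admin the post describes.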