on running C-Z/SUV without a "group manager"

peter.segment at wronghead.com
Fri Aug 24 14:42:08 CEST 2012


> On 24/08/12 06:55, Faramir - faramir.cl at gmail.com wrote:
>>    You are welcome, let's add more comments.

Your comments are appreciated.

This group's (C-Z/SUV) thinking on the role of a "group manager"
has evolved. I believe for the better.

>> GPG is on the other hand so tightly integrated with WOT that no
>> matter what, it is unavoidable that any user will sooner or later
>> stumble upon some of WOT anatomy or physiology minutia, and that
>> will have at least one of two rather detrimental consequences:
>>
>> a) with insufficient knowledge of the WOT model, Alice will take a
>> "wrong turn" and therefore impact the overall security of the
>> group;
>
>  Yes and no. If the group manager configures the software,...

This group's view is now that a single point of failure (such as a
"group manager" - who probably either does (or easily can, if she
so desires) know (or guess) the identity of ~all~ of the group members)
is to be avoided if at all possible. I'm suggesting (to them and to you)
that it is indeed possible to construct both a piece of software - which
is what we are discussing here - and the security protocols that would
enable 100% peer-to-peer MO.

> Since she is already going to use security software on unsecured
> computers, I don't know how much confidence she should have in it,
> but that is another matter.

Please allow me to make this important point (again!): *these are not
"unsecured computers"*. These are, without a trace of doubt, more secure
computers than a typical Internet-connected MS Windows computer, and
(oddly!) I don't ever remember on gpg user list any warning about using
gpg on those. These are simply computers on which, for various reasons,
no permanently installed software exists.

> ...Nobody can prove there is a hidden partition, but you
> can't prove you don't have one, so beware of bamboo needles.

Just for the record: nobody in this group is in any danger of being
tortured (or worse). Nobody is likely to be even mistreated for the
mere possession of some USB stick with unreadable content - as long as
the content, in combination with other known facts about her, does not
connect Alice with the Crypto-Zoological Society of Upper Volta. On the
other hand, when her connection to the C-Z/SUV is established
(or possibly just suspected) by her employer, Alice will very likely
end up unloading grocery trucks at her local supermarket for the next
ten years of her productive life instead of whatever she happens to be
doing today. (You'd be surprised by the power of industry associations
and self-regulating professions. But they don't use bamboo needles - at
least not where Alice is practicing :)

Peter M.




