what is killing PKI?

Stan Tobias sttob at mailshack.com
Wed Aug 29 01:53:16 CEST 2012

For lack of time, I have to be brief; I just answer the most important

"Mark H. Wood" <mwood at IUPUI.Edu> wrote:

> I use encryption to enforce the privacy I already (should) have.  

I answered this in my post to Faramir, several minutes ago.

> So, yes, it's a weapon.  

I call it a weapon, because it doesn't add anything to the message, it
only isolates it from third parties (including adversaries).  Just like
a thick castle wall, or the body armor, separates your treasure from
your enemies in space, encryption does the same in time (and maybe energy).

> There are people who don't respect my privacy,
> and if I don't defend it they may take it away.  

ACK.  It's like Peace, we all have to defend it.  But for goodness'
sake, let's not do it with nuclear missiles!

> Even if someone
> penetrates my encryption, 

The fact of penetrating your encryption is not automatically the same
as violating your privacy, and the encryption doesn't matter here.
They might succeed and send you a message "Alert! We've broken your
communication.  For better security we advise you to upgrade your rot13
cipher".  Early Unix hackers (was it RMS? - I don't have time to check)
retrieved users' passwords and wrote them "Your password is too weak,
you'd better make a stronger one"; were they breaking privacy? - I say
they weren't (with a tiny grain of doubt).  It all depends on what they
do afterwards with your message, and what their intentions are.

Privacy pertains to ethical behaviour.  Look at these three cases,
technically not differing:

- "Here's your letter, which came to the wrong address, I read it before I
  realised it wasn't for me, I'm sorry."
- "Oh well... thank you."

- "Here's your letter, which came to the wrong address, I read it before I
  realised it wasn't for me, I'm sorry."
- "Oh well... thank you."
- "If you'd like to know my opinion..."
- "Oh, no, please, I don't want to talk about it."
- "I'm sorry.  Good-bye."

- "Here's your letter, which came to the wrong address, I read it before I
  realised it wasn't for me, I'm sorry.  But I had the laugh of my life!  You
  must be really crazy to write such rubbish."
- "What?!"

It's obvious where privacy is not respected, so I'll just stop here.

> if I can show that he did so I may be able
> to win a case against him in court, so it's (potentially) both a
> passive and an active defense, a shield for my privacy and an
> assertion that I will defend that privacy.

Let's stop this here, IANAL, and I don't want to diverge into the legal field.
I was only trying to get an understanding of what privacy means for ordinary
people, in a social and moral sense.  Laws differ and often don't correspond
to people's perception, so let's not further confuse matters.

> I could argue that it would be antisocial for someone to insist that
> people not enforce their privacy.  We do not and should not trust all
> equally in all situations.  Anyone may have lawful, moral business,
> the disclosure of which would be so harmful (in his eyes) that he
> might want assurance that only the intended recipient be party to the
> discussion.  I doubt there ever was anyone who had *nothing* to hide.

I was talking about normal people, not interaction with businesses; and
about ordinary conversations - think "greetings", not "money".

I'm not arguing against cryptography, especially when there are important
reasons to use it.  Cryptography is not antisocial per se.

As a child I was taught not to whisper into the ear - it's still taught
to children, I think.  Being a guest at a table, it would be very impolite
to whisper with your neighbour - just excluding others from your "private"
conversation is perceived as rude.  Your hosts perhaps could, for a short
while (for there's a reason), guests shouldn't; there is a way around it -
you could go to a side and talk privately, but kind of visibly to others,
and everything will be fine.  It depends on the situation, but generally people
don't like to be excluded, people want everyone to be open.

Some people (the file-sharer in my previous post) in certain situations might
consider using encryption as an acknowledgment of defeat: if you encrypt
you don't stand up for the common cause.  It's not that I personally support
this, it's how some people might feel, I believe.

Would you encrypt (let's say rot13) your hand-written love letters to
your fiance?

Regards, Irek T.
