what is killing PKI?

No such Client nosuchclient at gmail.com
Fri Oct 5 02:40:11 CEST 2012 

On 10/05/2012 01:22 AM, Robert J. Hansen wrote:
> Who says we should promote anything?  Nobody ever elected me Grand
> Poobah of the Internet.  I don't think anyone ever elected you, either.
>  Instead of telling people what they should do, what's wrong with giving
> people options and telling them that it's their responsibility to make
> informed choices?
>   
Well, if Alice uses gpg for everything, with a strict signing/encryption
policy, and she meticulously makes sure that fingerprints match, keys
are valid, etc.. And her brother/boyfriend/beuau/coworker etc, Bob
doesn't.. Bob's "insecurity" (for not using it , some of which get
passed onto her, especially if she has a i-do-not-send-plaintext-policy,
and she has/wants to send/receive comms from Bob. So Bob lowers the
quality of her personal security standard, and if Charlie,
 knows "a bit" about gpg, but doesn't see the need, unless it is for
"sensitive" applications (to alice, all comms are sensitive,
irrespective of the content, to Charlie, only matters that he
feels/defines as "sensitive" should be encrypted) much to the chagrin of
Alice, who often tries to tell Charlie about traffic analysis, and how
he is making things easier by only encrypting what he wants to hide, not
the mundane, the routine, and what he wants to hide. She also clearly
has a self-interest in him adopting her higher-standard to increase her
security and communications.

Lastly, we have David.. Who knows about encryption, even likes using
it.. But.. he "can't be bothered" to encrypt and/or sign his traffic
because he says "what's the point? the government can break it anyway
(his opinion)"  , or  "I would sign/encrypt, but Im at work, or I
haven't found the time to load gpg on my new home computer", or  "not
enough people use gpg to make it worthwhile or mean anything"

So people have their options, and they clearly choose to use it. But you
are at the mercy of their opinions, options, feelings, and standards.
And at the end of the day, it's alla bout standards. Poor Alice in her
crypto-Wonderland. Too bad not many others share her enthusiasm and
dedication.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20121005/de547358/attachment.pgp>

More information about the Gnupg-users mailing list