Multiple email addresses - any alternative to ask everyone to sign all my keys?
Christopher J. Walters
cwal989 at comcast.net
Thu Jul 25 07:49:21 CEST 2013
On 7/24/2013 6:06 PM, Robert J. Hansen wrote:
> (My original reply went just to Philipp. My apologies.)
No apology necessary.
I also must apologize, as my original reply got sent to Robert J. Hansen, when
it was intended for the list.
> On 7/24/2013 1:53 AM, Philipp Klaus Krause wrote:
>
> Unfortunately, this is not casting very much light on things. The use
> of phrases like CONFIDENTIAL, SECRET and TOP SECRET have very specific
> meanings in NATO countries, and you're using them here in ways that are
> at odds with their NATO meanings.
This is true, and NATO countries have very specific and well defined ways of
dealing with data with those titles, depending on the country.
> Let me try this rephrasing:
[snip]
> Further, each piece of traffic can receive any of three classifications:
> C, S or TS. You can send C traffic to Bender: the necessary keys to
> decrypt it are held there. However, although you can technically send
> TS traffic to Fry, Fry can't decrypt it: the keys aren't there.
>
> If I have this right, then you've walked straight into the Bell-LaPadula
> security model. You'll be well-served by reading up on it: a good
> academic reference will answer many of your questions.
I'll have to look that up and read up on it, when I have the time.
> The short answer is, "OpenPGP by itself will not be sufficient for your
> purposes. It might be able to provide a couple of tools, but what you
> want to achieve is far beyond the scope of OpenPGP."
That was my conclusion, as well. That is why I suggested the bootable
GNU/Linux or *BSD Live CD (with some vital tools on it, of course) and a USB
thumb drive - with an encrypted filesystem for storing the keys (I'm not
familiar with the smart card's capabilities, and as every smart card reader I
have is non-functional, I cannot test it out).
My suggestion went beyond OpenPGP and GnuPG to try to solve the problem Philipp
described.
Regards,
Chris
More information about the Gnupg-users
mailing list