standardized security levels

Hauke Laging mailinglisten at
Fri Oct 11 07:24:14 CEST 2013


A few mails ago dkg asked what the use of key policy documents was. That is 
obviously limited for several reasons. But the conclusion cannot be that we do 
completely without anything like that. It must be that we solve the problem in 
a reasonable way. If we don't, then we seriously limit the quantity and quality 
of crypto usage.

I have been considering this a problem for years and yesterday I finally made 
my first step in solving it:

The text is in German, though. But have some fun with the Google translator if 
you like... :-)

The idea is to reduce the complex multi-dimensional security of a system to a 
limited number (about 10) of typical and useful cases. This should allow 
people who do not consider IT as one of their hobbies to much better assess 
the situation of their IT and their data.

My OpenPGP specific aim is that such a standardized list would be implemented 
in OpenPGP applications, probably as a signature notation. The typical user 
would have several keys (for the same address) at different security levels. 
Thus the sender could select the security need of the data to be sent and the 
system could automatically select the most suitable key (or fail if none such 
is available).

This may sound like making IT even more complex, but I am convinced that the 
opposite is true. Achieving the same situation is much more difficult today. 
In fact these considerations are simply ignored by most people today. And then 
they are surprised that their money is stolen via online banking...

Crypto for all:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
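The key-selection step the post describes (sender states the security need of the data, the system picks the most suitable of the recipient's several keys or fails if none qualifies), worked through as an added example. This is not code from the post or from any OpenPGP implementation; the notation name `security-level@example.org`, the numeric levels and the sample key ring are all assumptions constructed for the example, since the post proposes "probably a signature notation" but does not fix a name or a level scale.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical notation name (assumption). User-defined OpenPGP notation names
# take the name@domain form, so a real deployment would pick its own domain.
LEVEL_NOTATION = "security-level@example.org"


@dataclass(frozen=True)
class Key:
    """Minimal view of one recipient key as a client would see it after parsing
    the self-signature: fingerprint plus notation data and validity flags."""
    fingerprint: str                       # constructed sample value, not a real key
    notations: dict = field(default_factory=dict)  # notation name -> value
    expired: bool = False
    revoked: bool = False


def security_level(key: Key) -> Optional[int]:
    """Return the level the key advertises, or None if the notation is absent
    or malformed. A malformed value must not silently count as any level."""
    raw = key.notations.get(LEVEL_NOTATION)
    if raw is None:
        return None
    try:
        level = int(raw)
    except ValueError:
        return None
    return level if level >= 0 else None


def select_key(keys, required_level: int) -> Key:
    """Pick the most suitable usable key for the stated need.

    'Most suitable' is taken here to mean the lowest advertised level that
    still meets the requirement, so a higher-level (and typically less
    convenient) key is not used when a lower one suffices. Raises LookupError
    when no key qualifies, which is the 'fail if none such is available'
    behaviour the post asks for rather than falling back to a weaker key.
    """
    usable = [
        (security_level(k), k)
        for k in keys
        if not k.expired and not k.revoked and security_level(k) is not None
    ]
    fitting = [(lvl, k) for lvl, k in usable if lvl >= required_level]
    if not fitting:
        raise LookupError(f"no usable key at security level >= {required_level}")
    return min(fitting, key=lambda pair: pair[0])[1]


def can_send(keys, required_level: int) -> bool:
    """True if some usable key meets the required level."""
    try:
        select_key(keys, required_level)
        return True
    except LookupError:
        return False


# Constructed sample key ring for a single address (assumption).
SAMPLE_KEYS = [
    Key("AAAA1111", {LEVEL_NOTATION: "1"}),
    Key("BBBB2222", {LEVEL_NOTATION: "3"}),
    Key("CCCC3333", {LEVEL_NOTATION: "5"}, expired=True),   # expired: never chosen
    Key("DDDD4444", {}),                                    # no notation: never chosen
    Key("EEEE5555", {LEVEL_NOTATION: "high"}),              # malformed value: ignored
]

if __name__ == "__main__":
    print(select_key(SAMPLE_KEYS, 2).fingerprint)
    if not can_send(SAMPLE_KEYS, 4):
        print("refused: no key meets level 4")
```

The deliberate choices are that an unparseable or missing notation disqualifies a key instead of being treated as level 0, and that an unmet requirement is an error rather than a fallback, so the sender never ends up encrypting sensitive data to a key that was never meant for it.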
