standardized security levels
mailinglisten at hauke-laging.de
Fri Oct 11 07:24:14 CEST 2013
A few mails ago dkg asked what the use of key policy documents was. That is
obviously limited for several reasons. But the conclusion cannot be that we do
completely without anything like that. It must be that we solve the problem in
a reasonable way. If we don't then we seriously limit the quantity and quality
of crypto usage.
I have been considering this a problem for years and yesterday I finally made
my first step in solving it:
The text is in German, though. But have some fun with the Google translator if
you like... :-)
The idea is to reduce the complex multi-dimensional security of a system to a
limited number (about 10) of typical and useful cases. This should allow
people who do not consider IT as one of their hobbies to much better assess
the situation of their IT and their data.
My OpenPGP specific aim is that such a standardized list would be implemented
in OpenPGP applications, probably as a signature notation. The typical user
would have several keys (for the same address) at different security levels.
Thus the sender could select the security need of the data to be sent and the
system could automatically select the most suitable key (or fail if none such
This may sound like making IT even more complex but I am convinced that the
opposite is true. Achieving the same situation is much more difficult today.
In fact these considerations are simply ignored by most people today. And then
they are surprised that their money is stolen via online banking...
Crypto for all: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5