It's time for PGP to die.
2014-667rhzu3dc-lists-groups at riseup.net
Sun Aug 17 22:08:26 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 17 August 2014 at 10:41:27 AM, in
<mid:53F078C7.2060107 at gbenet.com>, david at gbenet.com wrote:
> I've been using gnupg for many many years. I have 199
> users in my key ring and 99.99 per cent are
> "untrusted." A fact that I for one do not mind. You
> don't trust my key is from me - right? Trust is
> relative - you have all been here for many many years -
> but I will not sign keys from you as "trusted."
I suspect that percentage is only slightly over-stated. (-;
For most of my communications, if the person has told me their email
address and it works, that's good enough for me. Use of GnuPG adds
encryption, and signing if we should want it. The Web of Trust adds
nothing in this usage case.
> Leaving aside the issue of how popular encryption of
> mail is - we are faced with the fact that 98 per cent
> of computer users are completely ignorant about
> software and hardware. They just go into PC World and
> buy what they like. There is No Microsoft pre-loaded
> security features built-in and so end users have no
> idea about encrypting their emails - and no easy way to
> instantly share keys between users. There is no
> automatic key generation at the point of switching the
> computer on for the very first time and then sharing
> your key with millions of other people.
Why would you want to automatically share your key with millions? You
would hope not to receive email from millions, and at first boot your
computer does not know your email address.
> Same with so-called smart phones and tablets - there is
> no automatic "simple" key creation and automatic
> posting to a secure key server.
If that did happen, whose control would the server be under? Would it
provide security or an illusion of security?
> After 20 odd years while there has been advances in
> cryptography and GUIs there has been an almost zero
> growth in take up. No wonder Yahoo and Google (who can
> not be trusted) are providing solutions to end users
> who are completely ignorant.
Is this mainly advertising hype, and there will still be limited
> Can you imagine the horror
> of Microsoft entering the "market?" That thought scares
> me to death.
Wasn't that what you were advocating with "automatic key generation at
the point of switching the computer on for the very first time?"
> But we have to face the fact that Microsoft has a hold
> on hard drive manufacturers - in that they are all sold
> with a version of "Windows" on them. What is required
> is that at first boot up of a computer an Iphone or an
> Itablet whatever a programme needs to run that will
> install and create a set of keys automatically. Your
> public key will automatically be sent to key servers.
Why on earth would we want that?
> (a) do we want to implement our own security on our own
> devices as a "geek" or
> (b) have some automated pre-installed software that will
> create all that's necessary at first boot or
> (c) rely on some large corporation to handle the
> encryption and decryption for us
What's the difference between (b) and (c) for a Windows or Mac user?
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Learning without thought is naught;
thought without learning is dangerous.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users