encrypting to expired certificates

Robert J. Hansen rjh at sixdemonbag.org
Mon Sep 15 18:38:37 CEST 2014

> Some time ago one of the well-known users of this list wrote:
> "Secure communication with noobs is impossible. Period." (or
> similar)

Wasn't me: I think a statement like that is arrogant even by my
standards.  It implies the speaker can accomplish this task, and if the
history of communications security tells us anything it's to be deeply
skeptical of anyone making such a claim.

For that matter, what does "secure" mean, anyway?  Most people would say
it means "an adversary can't intercept the communication or modify it."
Fine.  Who's the adversary?  If your adversary is a smart 12-year-old,
a good way to establish secure communication is to walk into your
nearest bar and tell the bouncers to be on the lookout for 12-year-olds
trying to get inside.  If the adversary is an outfit with a lot of
professional experience at intercepting communications, then you're
completely screwed and there's nothing you can do about it.

I really wish we could get over our obsession with the word "secure".
In twenty years of talking about PGP/GnuPG, I have yet to see it add one
iota of meaning to any conversation.

More information about the Gnupg-users mailing list