two-lock mailbox analogy

listo factor listofactor at
Thu Jun 18 20:21:33 CEST 2015

FWIW, I use the following analogy:

I have a secure steel mailbox, located on a street corner - just
like the Post Office does - that I visit occasionally to collect
the mail that my correspondents have deposited there. The only
difference between my box and those owned and operated by the
Post Office is that on my box, there is a second lock and key,
one that is required to open the slot by which the letters are
deposited into the mailbox. Copies of that key I give freely to
all that want to securely send me a message. This is the public
key: it is useless for retrieving the messages from the box, it
can be used only to deposit them.

Just like the Post Office, I have another, private key, which is in
my possession only, and which I must keep protected. This one opens
the back cover of the steel box, one through which I, just like the
post office collection truck operator, retrieve all the letters
from the mailbox.

The set of two keys, private and public, are mathematically related
in a unique way. The public key is thus also useful to confirm
that the message is deposited in my box, as opposed to somebody
else's box that happens to be located on the same street corner.

I advise those that I teach how to use GPG to completely ignore
WOT and key-signing, and to rely on rigorous out-of-channel key
fingerprint verification. If they don't, they could be depositing
their messages into an imposter's box, who could read them, and
(since he, like everybody else, is likely to be in the possession
of my public key) afterward deposit them in my mailbox. Neither
I, nor the message sender would know that such message has been
read by the imposter.

Teaching those that don't have a very concrete idea of the cost to
themselves and/or to their correspondents in case the content of
their communication is compromised is a waste of time: they lack
the motivation to put in the considerable effort that is necessary
to effectively use (as opposed to just "go through the motions")
of something as complex as GPG.

Advocating for the adoption of encrypted communication as a matter
of personal policy or principle, in conjunction with teaching the
use of a complex software system necessary to do it is, IMHO,
a big mistake.

Listo Factor

More information about the Gnupg-users mailing list