German ct magazine postulates death of pgp encryption
kristian.fiskerstrand at sumptuouscapital.com
Tue Mar 3 16:32:41 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 03/03/2015 02:00 PM, Hans of Guardian wrote:
> On Feb 27, 2015, at 8:56 PM, Werner Koch wrote:
> Services like keybase.io with poor security practices are going to
> rapidly take over from the PGP keyserver pool because they address
> side of the human interaction, unlike the PGP keyservers. They
> are easy to use and the follow the very common interaction patterns
> that basically all web services these days use. That must also be
> considered when thinking about security. The PGP keyservers need
> email validation not as a way to provide any kind of "trusted"
> status of that key, but rather so enable people to delete keys that
> should no longer be there, and to prevent keyserver spam and
> vandalism. For a good example, search for Richard Stallman and you
> will see how badly the PGP keyservers are failing.
I fail to see how this is a failure on the side of the keyservers, it
is part of the expected practise and a fully understood scenario,
which is why it is mandated to conduct key verification through secure
> Another common scenario is that people make mistakes when learning
> how to use PGP. There is a common mistake of generating a key to
> play with, publishing to the keyserver, then deleting. That key
> will then be on the keyserver forever with no way to delete it.
> That is terrible both security-wise because it is confusing for
> people who are searching for keys, and it is terrible
> human-interaction-wise because it adds pointless noise when
> searching for keys.
It doesn't affect neither security nor the user at all, the first
because the key anyways needs to be verified, the second because the
key anyways needs to be verified.
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Aquila non capit muscas
The eagle does not hunt flies
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users