Robert J. Hansen
rjh at sixdemonbag.org
Mon Apr 10 00:27:52 CEST 2017
> I have to admit the replies to this thread have been very informative in
> ways that simple answers just never would be. Here I was trying to get
> "it" "right" the first (thirty first) time, when it's clear that there's
> no it or right. I am heartened by the dialog and as a result of my
> reading, think that my approach will be fine for my threat vector :).
There's a great quote from _Zero Effect_ that springs to mind. "There
aren't any good guys! You realize that, don't you? I mean, there
aren't evil guys, and innocent guys, and -- it's just -- it's just a
bunch of guys!"
There are very few good practices in communications security, and very
few bad practices. Mostly, you have to pick from a very mixed bag of
> But as somebody else on the thread
> mentioned, it's fun trying out the cryptocandy.
That it is, and so long as it's fun I advise you to knock yourself out!
> On another note, while I am totally committed to better understand
> gnupg, I find the bulk of available material in its domain to be
> inconsistent, contradictory, sophmoric, written in faux cryptogeek, and
> generally misleading. Gems are nearly impossible to find. I have read
> at least a couple of dozen intro to gnupg articles that completely fail
> to arrive at consensus on the fundamentals. What gets encrypted with
> what keys? What is a detached signature and why might I want one?
Suggest questions to be addressed in the FAQ and I'll take a stab. Our
FAQ needs reorganization -- badly -- but the answers are pretty good, I
think. Wikipedia actually cites us in a couple of crypto articles.
> I guess what I'm really trying to say is, this "system is so
> eye-poppingly user-unfriendly" that it could use some good, clear,
> accurate, reasonably comprehensive, accessible literature written by
> folks who actually know how stuff works.
So you want someone who isn't just a whiz in cryptogeekery, but has a
detailed knowledge of the OpenPGP spec and how GnuPG implements it,
*and* is a skilled technical writer, *and* has the free time to commit
(conservatively speaking) hundreds of hours of free labor?
You're looking for a unicorn -- but I encourage you to keep looking. :)
More information about the Gnupg-users