
re: pgp key distribution

 U> From: [email protected] (Perry E. Metzger)
 U> for the life of me understand why. The only way to know 
 U> for sure that someone's key is theirs is a signature from 
 U> a trusted introducer anyway, so people can just ask each 
 U> other in clear for public keys and it doesn't do a lick of 

I think it is valuable for a number of reasons, none of which are
traditional encryption reasons.

One: Mostly, in my world, I don't need SECURITY, I need PRIVACY. A
paper envelope sealed with water-soluble glue is just fine. It stops
casual snoops, like the lock on your car door does. None of which will
stop a determined thief, but like Eric says, it's economics -- this
level of security is inexpensive as hell.

Two: it gets people introduced to the very basic concept that there
*is* privacy (security) available, and possible. In the FidoNet, and
the BBS world, this is important.

Three: In FidoNet, we've got 16,000 sysops, doubling every 18 months,
worldwide. Traditional key systems are not only wildly impractical,
they're unnecessary for traditional reasons -- how much security do I
need to talk to someone 5,000 miles away I've never met?

Four: If I need *real* security, I will (or better!) obtain keys in
"traditional", secure ways. I can plug these keys into my casual
privacy system, which will hopefully encompass the technological
mechanisms of en/decryption, signing, plaintext handling, and all the
assorted baggage we'll have to drag around anyways.

Five: it will entrench some disasters; bum, or faked keys, humongous
duplicates, inexperienced people forgetting their secret pass phrases
so they can't even issue key-removal certificates (this has happened
already; it's a MAJOR pain in the ass), one "person" with a zillion
IDs, inconsistent IDing, etc etc etc etc etc.

Oh well. 

In fact, no system gets implemented right. Period. To pretend it will
is folly. Because of the nature of the beast (patents, feds looking
for backdoors, stupidity, centralist, authoritarian types trying to
exert control, etc.), I'm pushing, hard and fast, to get systems set up
LIKE CRAZY of all sorts, with all of them being completely distributed
and decentralized. Sufficiently Paranoid.

--- ReadMail
 * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111)
Tom Jennings - via FidoNet node 1:125/555
    UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings
INTERNET: [email protected]