[linux-elitists] OT: new GPG key
Karsten M. Self
Wed Jun 11 22:11:56 PDT 2003
on Wed, Jun 11, 200e at 08:56:24PM +0000, M. Drew Streib (firstname.lastname@example.org) wrote:
> On Wed, Jun 11, 2003 at 09:52:59PM +0100, Karsten M. Self wrote:
> > I've decided it's time to start signing mail again...
> About time. :)
It's about a lot of things.
Among them, people asking loudly why it is I'm posting my GPG signed
mail rant in unsigned email....
But for this crowd I'll bite. My current computing situation is that
I'm using a portable system (not quite a laptop, it's the CappuccinoPC
Mocha P4), frequently in untrusted environments as my personal
machine. My mailserver sits a continent and an ocean away, and is also
presumably not fully trusted (though I don't fault Peter at all for any
of this). However, for pedestrian threat models (which is to say,
everyday threeats, snooping, etc., not pedestrians per se, though given
how distracted I get... But I digress), the assumption is that some
protection, overwhelming snooping, or casual impersonation (spam is
getting truly ugly), this is a useful measure.
In the past, some (notably Joey Hess) have argued *against* casual use
of GPG signatures, partially on the basis that this could create a
presumption of security (I lock my house and my car, I'm under little
illusion that someone moderately motivated couldn't breech these
countermeasures), or possibly lead to known cyphertext or known
plaintext attacks (cryptographically unlikely given my understanding of
the strengs of PKI). My sense is that for workaday purposes, this s
better than nothing, and more importantly, not worse than nothing.
Other thoughts on this?
Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
A guide to GNU/Linux backups:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030612/d6b3c36b/attachment.pgp
More information about the linux-elitists