Main Area and Open Discussion > General Software Discussion

More on social networks, and security: you can derive a net from PGP use!

(1/1)

urlwolf:
http://attrition.org/security/rant/z/keysigning.html

There are a few basic truths to the use of PGP/GPG keysigning that one must consider.

   1. Individuals choose what name and email address are attached to keys. Some people use it in a professional capacity and as such have their legal name and work address attached. Other people may use it in a personal capacity, including individuals that wish to hide information for personal reasons such as a fundamental desire for privacy, to hide questionable material or legal reasons.
   2. Many people don't want their legal identity attached to their key. How then does "Raven" or "Jericho" prove who they are? Handles do not lend themselves well to the protocol and typically add extra hurdles in establishing trust. Despite that, over half the people we know use handles instead of legal names for their keys.
   3. In the most simple terms, signing someone else's PGP/GPG key establishes a tie between you and that person. The strength of this tie is not generally known from the signature and any assumptions about the ties are just that... assumptions.
   4. One strength and value of public key cryptography is the ability to make your key available to anyone and everyone, often via e-mail footers, web pages or public key servers.
   5. You have little to no control over who signs your key.
--- End quote ---


If you were scared giving your info to facebook, and thought PGP would give you a tin hat, think again!

housetier:
luckily gpg does not ask for my income, hobbies, preferences, or peer groups :)

Navigation

[0] Message Index