[attrition] Social Implications of Keysigning
security curmudgeon
jericho at attrition.org
Tue May 23 01:53:24 EDT 2006
http://attrition.org/security/rant/z/keysigning.html
Social Implications of Keysigning
Raven & Jericho
Tue May 23 01:41:20 EDT 2006
Intro
The use of strong public encryption has always been popular among geeks.
Perhaps the most commonly used and most beloved encryption for e-mail is
Pretty Good Privacy (PGP); started as a free method for protecting emails
or other sensitive information, later turned into a cornerstone for a
large company. As PGP became more corporate, costly and used patented
algorithms, another project, GnuPG, sprung up to continue to offer strong
encryption to the masses.
One foundation of reliable encryption is trust. The use of encryption
between two or more people relies on you being sure that the message you
sent is properly encrypted to and able to be decrypted solely by the
intended recipient. When using a friend's GPG key, you must be sure that
the key was created by and belongs solely to your friend. Otherwise, you
may send mail that your friend cannot read (if they don't have the key you
encrypted to), or worse, mail that some other party can read (if that
party does have the key you encrypted to).
[..]
More information about the attrition
mailing list