[attrition] Social Implications of Keysigning

security curmudgeon jericho at attrition.org
Tue May 23 01:53:24 EDT 2006


http://attrition.org/security/rant/z/keysigning.html

Social Implications of Keysigning
Raven & Jericho
Tue May 23 01:41:20 EDT 2006

Intro

The use of strong public encryption has always been popular among geeks. 
Perhaps the most commonly used and most beloved encryption for e-mail is 
Pretty Good Privacy (PGP); started as a free method for protecting emails 
or other sensitive information, later turned into a cornerstone for a 
large company. As PGP became more corporate, costly and used patented 
algorithms, another project, GnuPG, sprung up to continue to offer strong 
encryption to the masses.

One foundation of reliable encryption is trust. The use of encryption 
between two or more people relies on you being sure that the message you 
sent is properly encrypted to and able to be decrypted solely by the 
intended recipient. When using a friend's GPG key, you must be sure that 
the key was created by and belongs solely to your friend. Otherwise, you 
may send mail that your friend cannot read (if they don't have the key you 
encrypted to), or worse, mail that some other party can read (if that 
party does have the key you encrypted to).

[..]


More information about the attrition mailing list