[ale] PGP/GPG Keysigning party! ALE Central November 19th.

Katherine Villyard villyard at gmail.com
Wed Oct 28 11:11:21 EDT 2009


On Wed, Oct 28, 2009 at 10:41 AM, Jim Lynch
<ale_nospam at fayettedigital.com>wrote:

> Michael H. Warfield wrote:
> > Hello all!
> >
> > Aaron approached me a couple of days about about running a PGP/GPG key
> > signing party for the November ALE meeting.  Looking back, it looks like
> > the last one was 6-1/2 years ago!  Wow, time flies...  Ok...  So be it.
> >
> I for one would like to know exactly what this activity is good for.  I
> understand that one of the uses of these keys is to be sure an email is
> from who you think it is.  Exactly what activities are you guys involved
> in that require that level of security?  Obviously you are doing
> something other than sending responses to the various questions/issue on
> this list.
>
> I'm not criticizing, just very puzzled 'cause I have no real idea of a
> practical use for this level of security.
>
> Thanks for the enlightenment.
>

This, right here, is why I can't get anyone I know to use GPG.

This email traveled various routers plain text to reach your inbox.  To
which everyone I know says, "So?  I don't care if George W. Bush/Barack
Obama/the CIA/the NSA/the Russian Mafia reads my email."  And for this
particular email, which is going to end up in ALE's public archives, so
what?

However.  If you ARE going to send something secret--like, say, financial
junk, or your ISP emailing you passwords--that means that the only mail in
your inbox that's encrypted is the mail you don't want people to read.  Way
to be stealthy.

No, the way to be stealthy is to encrypt by default.  Then people don't know
which message is the super secret message, and waste time decrypting
pictures of your cats and your wife asking you to bring home milk looking
for the message with the secret stuff in it.  And, you know.  Maybe I don't
WANT my emails to my honey flying around plain text, only he refuses to
encrypt.  Then again, he didn't want to use SSL for his pop/imap until I
opened wireshark and showed him his passwords, so there you go.

As for the keysigning party, there's no guarantee that the key in the
keyserver is who it says it is.  Considering that I can't get my friends to
use encryption at all, it's unlikely that people are impersonating them,
but...

Katherine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20091028/529b4f94/attachment.html 


More information about the Ale mailing list