[ale] PGP/GPG
Solomon Peachy
pizza at shaftnet.org
Thu Mar 23 09:44:00 EDT 2017
On Thu, Mar 23, 2017 at 09:23:31AM -0400, Jeremy T. Bouse wrote:
> Yes, losing private key data is another issue. While I have the primary
> key on the encrypted USB drive in a safe, I also have printouts that
> can be OCR scanned for recovery. I also shard the digital key into M
> pieces and require N of those pieces to restore the file. I have then
> given copies of those pieces to trusted friends to hold on to as well as
> stored some of them with different off-site services in the event
> something happened to my home and the backups in the safe.

See, I've never bothered with any of that, and implying that this sort
of level of diligence is necessary for encryption/signing to be of any
use is, IMO, highly counterproductive.

I keep my key on a server I control, backed up in its entirety onto
other systems I control. It's secured with a passphrase, but is
otherwise weak by today's standards. (But, hey, said key is nearly two
decades old now..)

You have to ask what the threat model is, and what you are trying to
accomplish with said crypto. What I personally care about is proving
that what someone receives was actually sent or otherwise attested by
me. And my setup accomplishes that quite well.

In a bit of irony, most folks these days actually _do_ utilize email
signing -- as an antispam mechanism. It's just attesting that the
_originating server_ is legit, rather than the user..

- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Delray Beach, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.