key question

David Shaw dshaw at jabberwocky.com
Wed Mar 3 21:30:42 CET 2010


On Mar 3, 2010, at 11:16 AM, Mark H. Wood wrote:

> On Fri, Feb 26, 2010 at 03:53:27PM +0000, MFPA wrote:
>> There are privacy issues, especially if user-ids on the key contain
>> email addresses. In some cases, the authorities knowing an individual
>> used encryption could be a problem.
> 
> There are issues of tradecraft, then.  Using OpenPGP as a tool for
> committing crimes is kind of stupid.  There are more secure methods
> for a closed community to secure its lines of communication.  If one
> chooses the wrong tool for a job, or chooses to use it incorrectly, no
> blame attaches to others for the consequences of one's choice.

I basically agree.  I'd say it a little differently as "Using OpenPGP as it is commonly used on the net (with keyservers, and signing parties, and such) as a tool for committing crimes is kind of stupid.".   I think you could do very well using OpenPGP in a nefarious manner, but you'd have to use it in a different way than it is commonly used on the net.  Which is fine - the various OpenPGP implementations are tools, and tools can be used in many different ways, both correctly (meaning "accomplishing what I'm trying to do in a safe and sane way") and incorrectly (meaning "not").

> I feel there is a strong assumption among OpenPGP users that our
> community is, *ahem*, open.

Yes.  Alas.

David




More information about the Gnupg-users mailing list