On PKI

No such Client nosuchclient at gmail.com
Wed Aug 29 01:00:34 CEST 2012


On PKI,
I fear that the property of it being so decentralized, and relatively
free, is the same reason why it does not have wider adoption. It is not
a centralized product, nor is trust maintained by any government /
private institutions (banks, clerks, notaries, etc.) to prove identity.
So, thus... PKI is both adopted, however split given its decentralized
nature. Using OpenID as an example, to try and free themselves from
centralized SSO (Google, Yahoo, Microsoft, well, and Facebook as a
newcomer) OpenID sought to allow anyone from any domain to log in to other
sites, with a universal token. Well... the benefit that brings the user,
is a significant downside for those who would like to have a more
consolidated approach to things.
  GPG is not owned by any entity, it can be used in many countries
legally, and virtually any other country illegally. It can be used to
designate trust (albeit in a simple manner), or delegate it (truth be
told, I don't fully understand tsign per documentation). The same
properties which make it suitable for anyone with the motivations,
interest, and time to learn how to master it and use it in their own
lives, means that it is not adopted by governments and corporations
because of the fact that it is not beholden (afaik) to any country,
government, company, or organization (well, ignoring the GNU folks who
develop it). Furthermore, said interests have a strong interest in
ensuring that products are strong enough to keep out the opposition /
"bad guys", but weak enough so that the implementing party can still
exercise its power if it deems it necessary. I see a power in a
digital signature, and using a public key for a designated task. In
fact, I personally believe it is a key aspect of
http://en.wikipedia.org/wiki/Fourth_generation_warfare, if one knows
how to harness it properly. PKI may take time to come, however, change
does tend to scare people. Especially if they have a vested interest in
a status quo.  Think of a criminal organization (or worse) that
understood and used gpg, monkeysphere, and only relayed the important
traffic via couriers with flashdrives. That would make it very hard for
law enforcement, or security types to try and track down. In conjunction
with Twitter, or StatusNet, or other things, they also used Pastebin for
Command and Control, Communications and Intelligence (C3I). Try
finding a court in most countries that would have enough evidence to try
such a "plot". That kind of power of technology, as a double-edged sword
surely is not lost upon decision-makers in Government and Industry.

Requesting your Comments.
Thank you, - no such


