In light of the ignorance that the public has shown regarding
encryption, and the tendency of people to be violent to their fellow
citizens as of late, I'm not sure I would like to stand up in a public
place where people can consume alcohol and preach encryption (so to
speak). Some of our public officials are attempting to link encryption
and terrorism in the mind of Joe Amerika. Common sense and
cool-headedness were the second string of victims last week.
Likewise, I fear for my middle-eastern friends. I work with a
gentleman from Pakistan who's cousin and his friends were beaten at a
pizzeria simply for looking like Pakistanis.
I think we should do it in a private meeting and only advertise on this
list. The most dangerous thing to be in America is 'unpopular'. An
interesting corollary to that is this: "The only free society is one in
which it is safe to be unpopular". Something to think about...
TimH
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Seth Cohn
> Sent: Friday, September 21, 2001 10:30 AM
> To: [EMAIL PROTECTED]
> Subject: [EUG-LUG:2917] Re: GPG and private/public keys
>
>
> simply put:
>
> You keep secret the private, give away the public.
>
> People sending you stuff use your public to ENcrypt,
> only you (with the private key) can DEcrypt, thus it's
> readable only to you.
>
> You send out ENcrypted with private key,
> anyone can DEcrypt it using your public key, thus it's
> _signed_ by you.
>
> In order to have a secure conversation, you both need a set of keys.
> You swap public keys, and always encrypt using the other person's key.
> If you want the other person to be sure it is you, you also
> _sign_ it using
> your
> private key. Thus they have to decrypt twice (not really,
> since signing
> is often more of a hash thing).
>
> Let's plan a keysigning party for Mid-October. Hey we can do
> it at the Wild
> Duck,
> get other people involved, and publicize it. I'll work on
> that. The more
> people
> who sign, even if not everyone signs everyone else's key, the better.
> It's a web of trust metric. Then we upload stuff to the main
> keyservers,
> and
> we end up with well trusted keys.
>
>
> > Could someone refresh me how public/private keys work
> again? I always
> > forget the details and wonder how it goes.
> >
> > At work with e-commerce sites, we encrypt a message with the clients
> > public key, output the file as armored ASCII, and send it in the
> > email. But what's the deal with the private key and sharing your
> > public key? Do they need both to decrypt it? Just the private?
>
