It is important that those of us who UNDERSTAND the issues educate (if only by example) those who do not. I'm going to float the idea of doing this by the SAO guys. If nothing else, the tech community needs to make more public statements about the value of encryption NOW before it all goes away. the Wild Duck is a great forum for this, since it's not like we'd be in the middle of a bar doing this, it's still 'private'. Plus, it's a way to generate interest in the Monthly Tech Brew event (which is sorely needed) and increase attendence. I might even just make it a regular thing (I'd need a better laptop for that though.) Seth ----- Original Message ----- From: Tim Howe <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 21, 2001 10:51 AM Subject: [EUG-LUG:2918] Re: GPG and private/public keys > In light of the ignorance that the public has shown regarding > encryption, and the tendency of people to be violent to their fellow > citizens as of late, I'm not sure I would like to stand up in a public > place where people can consume alcohol and preach encryption (so to > speak). Some of our public officials are attempting to link encryption > and terrorism in the mind of Joe Amerika. Common sense and > cool-headedness were the second string of victims last week. > Likewise, I fear for my middle-eastern friends. I work with a > gentleman from Pakistan who's cousin and his friends were beaten at a > pizzeria simply for looking like Pakistanis. > > I think we should do it in a private meeting and only advertise on this > list. The most dangerous thing to be in America is 'unpopular'. An > interesting corollary to that is this: "The only free society is one in > which it is safe to be unpopular". Something to think about... > > TimH > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Seth Cohn > > Sent: Friday, September 21, 2001 10:30 AM > > To: [EMAIL PROTECTED] > > Subject: [EUG-LUG:2917] Re: GPG and private/public keys > > > > > > simply put: > > > > You keep secret the private, give away the public. > > > > People sending you stuff use your public to ENcrypt, > > only you (with the private key) can DEcrypt, thus it's > > readable only to you. > > > > You send out ENcrypted with private key, > > anyone can DEcrypt it using your public key, thus it's > > _signed_ by you. > > > > In order to have a secure conversation, you both need a set of keys. > > You swap public keys, and always encrypt using the other person's key. > > If you want the other person to be sure it is you, you also > > _sign_ it using > > your > > private key. Thus they have to decrypt twice (not really, > > since signing > > is often more of a hash thing). > > > > Let's plan a keysigning party for Mid-October. Hey we can do > > it at the Wild > > Duck, > > get other people involved, and publicize it. I'll work on > > that. The more > > people > > who sign, even if not everyone signs everyone else's key, the better. > > It's a web of trust metric. Then we upload stuff to the main > > keyservers, > > and > > we end up with well trusted keys. > > > > > > > Could someone refresh me how public/private keys work > > again? I always > > > forget the details and wonder how it goes. > > > > > > At work with e-commerce sites, we encrypt a message with the clients > > > public key, output the file as armored ASCII, and send it in the > > > email. But what's the deal with the private key and sharing your > > > public key? Do they need both to decrypt it? Just the private? > > > >
