Hi Robert

On Friday 26 February 2010 at 6:05:56 PM, you wrote:

> On 2/26/10 12:38 PM, MFPA wrote:
>> I am *not* advocating the implementation of any form of
>> Digital Restrictions Malware (DRM).
>
> You can say you're not advocating DRM -- but if it looks like a duck,
> swims like a duck, flies like a duck and quacks like a duck, then it's a
> duck.

But if it bears only a slight resemblance to a duck, it is probably *not* a duck.

> "Digital": yes, the public key is in a digital form.

OK.

> "Rights" : yes, you're advocating the owner possesses intrinsic rights.

I am simply advocating the owner's right to privacy. Nothing spectacular, nor anything specific to PGP keys.

> "Management": yes, you're advocating the owner should be allowed to have
> total control over how the key gets distributed. That's pretty
> extreme management.

I have not knowingly advocated anything so extreme. The reasonable expectation that somebody will extend the common courtesy of checking with the owner before publishing their key falls somewhat short of the owner having total control over their key.

> But, hey. If you don't like DRM on the honor system, I'm happy to call
> it ORCON ("Originator Controlled").

The term "ORCON" reminds me of a 1970s TV programme about an alien. (-;

> ORCON material doesn't get copied,
> shared, promulgated, forwarded on, without the originator's explicit
> permission. It is the most extreme form of DRM imaginable. I thought I
> was being generous by saying you were advocating DRM on the honor system
> instead of ORCON -- ORCON is much more onerous.

I am not advocating that at all. I see the merit of a system that only allowed the key owner to publish the key to a server. How this could reasonably be achieved is not clear to me. And was not what I was discussing here.

> My exposure to ORCON material came from my work with electronic voting
> systems. Government officials are sometimes willing to give electronic
> voting geeks a peek behind the curtain, so long as there's an ORCON
> agreement signed in blood with the Devil himself as an eyewitness.

Typical of a government to be ultra-secretive about the wrong things. You would think trust in electronic voting systems would flow from transparency, not secrecy. How can the voters have confidence that the system cannot be manipulated by those running it?

> You're advocating public keys be treated like the inner secrets of how
> electronic voting machines work. So am I. It's just that you're
> advocating they all be kept secret by default and publication being an
> exception to the rule -- and I'm advocating they all be kept public by
> default and secrecy being the exception to the rule.

I think the inner secrets of how electronic voting machines work should be open-source and available for peer-review. I think personally-identifiable information, including an individual's openPGP key, should not be made public without the consent of the individual.

>> Uploading somebody else's key without first checking it is OK by
>> them is a breach of their privacy
>
> You're claiming they have a reasonable expectation that, if they share
> data that is clearly marked *public*, the recipient should understand
> *public* means "clear it with me first"?
>
> I don't think that's a reasonable expectation. The key says "public"
> right at the very top, and I think it's unreasonable to expect people to
> infer that it means "no, don't share it."
>
> This is why the burden is on the key provider: if you don't want the key
> shared, you have to explicitly tell someone about it. If you don't tell
> someone about it, they are allowed to think the phrase "public" means
> just that.

I think it is reasonable to expect the recipient to know that it says "PGP PUBLIC KEY BLOCK." I don't see any reason why they would split the words and interpret each one as a standalone; if people do that, I'm waiting to hear from those who think the key can't be used with GPG, it will open a door or start a car, and that if they had a pile of them they could build a wall. (-;

The use of the word "public" in the descriptor "public key" was an unfortunate choice if people are going to interpret things in that manner.

I think it is a reasonable expectation that the key owner would have uploaded their key to the keyservers themselves if they wanted it to be there. If the key is not already on the servers, that is a pretty strong indicator that the key owner wants it that way.

>> and could well be illegal/unlawful
>> in jurisdictions with data protection legislation (for example, if a
>> company published a customer's key, showing their name and/or email
>> address, to a server).
>
> That's not the key sharer's problem. That's the problem of the person
> who provided the key. If you know it would be unlawful for you to share
> information, don't share it.

I don't understand your comment. It's not unlawful for the individual to share their own information. It would be unlawful for the recipient of that information to share it with others without consent from the individual, or to keep it for longer than reasonably necessary, or to use it for any purpose other than what the customer was told it would be used for.

So, the merchant told the customer he would communicate by encrypted email if the customer supplied their public key. The customer was not told the merchant would upload the key to a server; if the merchant did upload it, the merchant would have acted unlawfully.

>> I don't see the connection between DRM and a perfectly proper respect
>> for individual privacy.
>
> By implication, then, I lack a proper respect for individual privacy.
> At this point this seems to be dropping straight into the ad-hominem range.

I was thinking maybe you might explain to me the connection you draw between DRM and respecting individual privacy, since I do not see one. It would appear I have offended you; for that I am very sorry.

-- 
Best regards

MFPA                    mailto:expires2...@ymail.com

Vegetarian: Indian word for lousy hunter!!!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users