Some thoughts:

o Agreed: OpenPGP is difficult.

o Media-hopping: each segment can be treated separately. The users know there is a thread of conversation but the technologies do not. So, is this point relevant?

o Who is the attacker? A government with sufficient motivation and money should have little trouble getting carriers to inform them of who is involved in a given flow in near realtime (say, by forwarding the log streams out of their RADIUS servers), and matching that to a watch list is trivial. These are exactly the people who would be doing large-scale collection. A personal rival probably couldn't afford it. (This is directed at the "distinguishment" factor.) Today the chief difficulty for a state really isn't technical or financial, but legal.

o "Encrypt each communication (Facebook post, SMS, whatever) with a random 40-bit key. Throw the key away. Send it." Isn't that what we do now? Or do you mean: encrypt *everything*; don't ask, just make encryption the default for all communication. I could get behind that. (I've argued for some time that we ought to do away with HTTP-not-S, not-S-SMTP, etc. and this just extends the argument to another layer.)

o Agreed: most people don't care about most of their messaging.

o Just so long as those who *do* care can plug in or wrap on something stronger and more manageable if they wish.

--
Mark H. Wood, Lead System Programmer [email protected]
Asking whether markets are efficient is like asking whether people are smart.
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
