On Thu, 2014-06-05 at 18:16 +0930, Glen Turner wrote: > > GPG/PGP is harder to set up and, because it is not heirarchical, means > > you must set up a relationship with a recipient before you send, but if > > a key is compromised, it only affects stuff sent using that key - not > > every key you ever produced. > > This isn't necessary a disadvantage.
I certainly wasn't suggesting it was! The "harder to set up" is a disadvantage, but the fact that every GPG/PGP key needs to be compromised individually is a Good Thing, and IMHO a *huge* advantage over certificates. > Measuring the degrees between you and Kevin Bacon is a good measure > of the probability that Kevin is sending you spam. Er - yes, but I'm not sure what your point is. How does that relate to GPG? Do you mean that people who want to send you legitimate email are probably close enough to arrange a GPG key exchange with? > (I always get upset when the Attorney-Generals Department tries to blame > ISPs for spam. It was the AGD's Wassenaar Arrangement which suppressed the > widespread use of cryptography in e-mail.) Security never wins the security vs convenience wars. People always prefer the convenience to the hassle, and for the most part are essentially incapable of judging the actual risk they accept in so doing. I'd be genuinely interested in how you feel things would have panned out without Wassenaar. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882 Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A _______________________________________________ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
