On 08/19/2014 02:36 PM, Daniel Roesler wrote:
> I agree that emulating Web PKI might not fit this situation, but
> that's because I'm not sure I fully understand the need for any PKI
> for human-to-human messaging. I don't need to be able to authenticate
> everyone out there, just the people I want to communicate with.

A great many interesting projects take this approach. There is a lot to be said for dispensing with the messiness of infrastructure.

However, there are many usage scenarios where someone may need to communicate securely with a high number of people with whom they have never communicated before. Journalists, for example. I have also seen this with some activists. I myself find that I use OpenPGP mostly for people who I do not know. For people I know, we just use OTR.

In my experience, most people who prefer a decentralized infrastructure-less approach can be fairly adamant about it (our gracious convener Trevor is an exception). It is no accident that libertarians and anarchists tend to map their ideological preferences onto their technical preferences. I personally prefer technical approaches that happen to not map at all to my political ideology.

I think there is certainly a place for both decentralized and infrastructure approaches, and if we can actually get an infrastructure approach that works reliably then people will start to see the usability benefit. An improvement to how people handle random key material is no small thing, and could make the difference between encryption technology that is adopted and used correctly and encryption technology that is either not adopted or not used correctly.

-elijah
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
