There is no "long-term PGP key model".
There is a fallacy of "web of trust" and a fallacy in the notion that
public keys need to be published (maybe because they are named 'public'?).

PGP works fine for end-to-end security of authenticated parties. There
are thousands (probably many more, but I'll stick to my samples and
extrapolation) of cases where previously authenticated parties, personal
or business partners, exchange their keys via a secure side channel, and
then happily message each other. Most often each party has a dedicated key
pair for just one correspondent. Public keys are never published - on
the contrary, they are preferably kept secret. Metadata is not shielded
unless Tor and throw-away accounts are used, but that is another topic.
In reality there are very few people one person needs strong secrecy
with, so the existing key management works well (and no, your social
network "friends" don't count.)

Then we come back to the issue of why one would want to have
unauthenticated encrypted communication, which appears to be touted as
the one and only use case for PGP (in other words, someone picks
someone's public key from the public key server and sends an encrypted
message.) It is hard to find an actual use case except a superficial
lifestyle choice ("look ma, I'm encrypting!"). Public key servers are
hackable, thugs will sign keys at key signing parties, so one would have
to be out of her mind to count on the authenticity of a key not received
directly from the target when serious secrecy is required. The other
argument for PGP, in the early days, was to prevent mass interception
and casual surveillance. That has been pretty much taken care of by SSL
and its strains (again, metadata requires additional measures.)

So the whole argument is fake, a red herring, as it dissects the false
use case.
that. It's about the long-term PGP key model -- be it secured
by Web of Trust, fingerprints or Trust on First Use -- and how
it failed me.
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: [email protected]
# @nettime_bot tweets mail w/ sender unless #ANON is in Subject: