[Cryptography] Google proposes a Web of Trust replacement to solve the key distribution problem.
Tom Mitchell
mitch at niftyegg.com
Fri Aug 29 19:59:03 EDT 2014
On Thu, Aug 28, 2014 at 11:33 PM, Dave Horsfall <dave at horsfall.org> wrote:
> On Thu, 28 Aug 2014, Phil Pennock wrote:
>
> > Crash and burn: the existing public key servers for PGP have already
> > received EU-based privacy takedown notices for keys,
>
.......
>
> Let me see if I got that straight. Someone objected to their public key
> being, err, public?
>
> I had a boss like that once. Normally a sensible chap, he objected to
> public key crypto making the public key, well, public. I tried to explain
> <http://www.metzdowd.com/mailman/listinfo/cryptography>
>
I can see at least one context where keeping a public key from
being public makes sense.
The easy on is you and I wish to exchange messages there no need
for the public keys to be any more public that you and I.
Wax seals validate a sender, verify that the message was unread in
transit, decorative, official, personal.
In the case of a 'signed' document without a public key the author
can verify that the document was his and might elect to not verify
other troublesome documents. Consider that if I was an IRS official
and the current lost document tangle. The risk of forged documents
implicating others might begin to surface. If I was one of the others
and was in the habit of signing all correspondence never having made
the public half of the signing key public forgery might be easy to discover.
Hidden in this is some notion that keys could be broken by a super powerful
TLA perhaps with collusion or via subterfuge involving another TLA.
Gmail is interesting because of its notion of circles which might give
context to select a key for use and decide if encryption or signature
was desired. Little different than a reply in kind text, rich text or
html
was desired.
However some individuals.....
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140829/1d05c62f/attachment.html>
More information about the cryptography
mailing list