[Cryptography] Avoiding PGP
Alexander Klimov
alserkli at inbox.ru
Fri Mar 16 14:11:32 EDT 2018

On Thu, 15 Mar 2018, Kevin W. Wall wrote:
> Half of my friends & family belongs to the "blinking twelve" club.
> Me trying to explain WoT to them would certainly result in a
> deer-in-the-headlights look.

That is why you do not explain WoT to them: you simply go to
grandma's place, generate her key pair, take her public key to your
device, put your public key on her device, configure her mail agent to
use the key by default.

Compared to the time you spend teaching her to find the inbox in the UI
and how to interpret various numbers of ">" at the start of the line
(and how to avoid messing with them), the key exchange you did is
absolutely negligible.

> On the other hand, I don't even need to explain Signal to people.
> For the most part, it's just install it and go,

This way you betray her mobile number. That would be a strange idea,
since the first thing I teach the grandma about is to never type in
her personal information.

We were talking about email. If you want IM, simply teach the grandma
to start Pidgin and initiate OTR for her. Again a two-minute task
which is absolutely negligible compared to the rest of the teaching.

> So while I am not *blaming* GnuPG, it most definitely is harder for
> non-technical folks to use.

Nope, for the grandma it is completely transparent.

> Also it is interesting to note that inside of corporations, PGP and
> S/MIME email have largely been replaced with Identity Based
> Encryption

I have not noticed that: professionals around me mostly use GnuPG.
S/MIME is rare and mostly used for signatures. Encrypted 7-Zip files
are common with lawyers, etc.

--
Regards,
ASK