Comments on: Me and You and a GPG Key Named Boo http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/ free software, free culture, free association Thu, 24 Jul 2008 05:24:24 +0000 http://wordpress.org/?v=2.0.11 by: Scott Carpenter http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3508 Tue, 18 Mar 2008 02:26:01 +0000 http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3508 Hi, Mario. If I were using encrypted email, I'd want it to only be encrypted in transit, and would leave it in "plain text" on my <a href="http://en.wikipedia.org/wiki/EncFS" rel="nofollow">encfs</a> file system. For issue #2, hmmm... hadn't considered that one. Thanks for adding to my paranoia. :-) Hi, Mario.

If I were using encrypted email, I’d want it to only be encrypted in transit, and would leave it in “plain text” on my encfs file system.

For issue #2, hmmm… hadn’t considered that one. Thanks for adding to my paranoia. :-)

]]> by: Mario Stargard http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3506 Thu, 13 Mar 2008 16:43:09 +0000 http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3506 I've been using gpg for several years. There are two issues I have with the system. First, any email that I've encrypted is not easily searchable. This isn't so much a problem with my personal email as it is with my work email, which I routinely search through looking for project history. This could probably be solved by modifying a mail client, or beagle, to maintain an encrypted index of the encrypted email. The second issue I have is how the web of trust can be turned into a guilt by association kind of thing. Think about it, some notorious hacker the FBI are onto has signed your key at that last conference. While I don't dispute the positive social networking aspects of key signing, there's a dark side I'm not entirely comfortable with. I’ve been using gpg for several years. There are two issues I have with the system. First, any email that I’ve encrypted is not easily searchable. This isn’t so much a problem with my personal email as it is with my work email, which I routinely search through looking for project history. This could probably be solved by modifying a mail client, or beagle, to maintain an encrypted index of the encrypted email.

The second issue I have is how the web of trust can be turned into a guilt by association kind of thing. Think about it, some notorious hacker the FBI are onto has signed your key at that last conference. While I don’t dispute the positive social networking aspects of key signing, there’s a dark side I’m not entirely comfortable with.

]]> by: Scott Carpenter http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3499 Mon, 10 Mar 2008 09:18:04 +0000 http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3499 Hi, Karl. Yeah, way to spread the FUD around. :-) Hi, Karl. Yeah, way to spread the FUD around. :-)

]]> by: Karl Fogel http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3498 Mon, 10 Mar 2008 02:01:44 +0000 http://www.movingtofreedom.org/2008/03/09/my-gpg-public-key/#comment-3498 +1 on "cryptizen". And glad I could help contribute to the general skepticism about the effectiveness of encryption systems that rely on humans using safe procedures :-). -Karl +1 on “cryptizen”.

And glad I could help contribute to the general skepticism about the effectiveness of encryption systems that rely on humans using safe procedures :-).

-Karl

]]>