[OT] Re: Things we should know about PGP
On Wed, 09 May 2012 13:32:12 +0200, Ralf Mardorf wrote:
> If this discussion can't be stopped, then perhaps we can make it a
> useful thread, by not talking about how to behave or not to behave on a
> mailing list, by not talking about if we want signed emails or not.
> If you really need security, then you need to take care of many
> things using PGP. I only use openPGP from time to time, to ensure that
> just a special person can read this mail, but not to be completely
> secure. I don't need knowledge about how to handle PGP correctly and I
> don't have this knowledge.
But security has nothing to do with a signed message.
You use GPG/PGP signatures when you want other people to be able to verify
that you are the author of that message. And you encrypt your message when
you want to prevent others from accessing its content, no more and no less.
> Seemingly some people have completely wrong perceptions about e.g.
> signing a key.
Exactly. For instance, those who think that PGP signed messages will
improve security when reading/posting e-mails >;-)
> Instead of having something similar to a flame-war, some useful
> information belongs to this list.
I only see one big flaw in GPG/PGP signatures' current methodology: their
"keyring" system of trust relies on people and people -by definition- are
nothing but unreliable. That's why I don't sign my own messages and I
don't care about others' signatures. To my understanding it is a waste of
time and resources with little-to-no gain.