LinuxJournal: Zimmermann: More (secure email) Pie Please
Nov 14, 2001, 18:55 (5 Talkback[s])
(Other stories by Don Marti)
[ Thanks to Don
Marti for this link. ]
Zimmermann says that the current practice of
keysignings, with government-issued identification, recitation of
fingerprints and other rituals, is missing the point of helping
users get the practical benefits of encrypting their mail. "What
did I start? I feel like I've created a monster", he told a crowd
of GPG users.
Zimmermann explained alternatives to the keysigning monster in
an interview. "A decade ago it made sense to go for maximum
security regarding how to trust whether a key is really the right
key", he said. "But things can get paralyzed by excessive
analness."
"If you're in a situation where your threat model is powerful
adversaries who are going to put forth a focused attack, you have
to use formal methods. If you impose those same standards on
everyone's uses, [however], you end up where we are today, where
only a thin slice of the e-mail pie gets encrypted."
Complete
Story
Related Stories:
- Linux Journal: GPG: the Best Free Crypto You Aren't Using, Part I of II
(Sep 09, 2001)
- Two on PGP: August keyanalyze Report Released, FBI ordered to reveal PC snooping technique(Aug 11, 2001)
- LinuxPlanet: .comment: My Semi-Annual Security Rant(Jun 06, 2001)
- Phil Zimmerman: PGP Marks 10th Anniversary(Jun 06, 2001)
- LinuxSecurity.com: Using GnuPG with Pine(Apr 14, 2001)
- ComputerWorld: Pretty Good Privacy creator resigns from Network Associates(Feb 21, 2001)
- Linux.com: Secure Communication with GnuPG on Linux
(Dec 17, 2000)
- EarthWeb.com: Phil Zimmermann: Programmer as Celebrity(Nov 08, 2000)
- Fairfax IT: Fighting the good fight(Feb 09, 1999)
