Linux Today: Linux News On Internet Time.

LinuxJournal: Zimmermann: More (secure email) Pie Please

Nov 14, 2001, 18:55 (5 Talkback[s])
(Other stories by Don Marti)

[ Thanks to Don Marti for this link. ]

Zimmermann says that the current practice of keysignings, with government-issued identification, recitation of fingerprints and other rituals, is missing the point of helping users get the practical benefits of encrypting their mail. "What did I start? I feel like I've created a monster", he told a crowd of GPG users.

Zimmermann explained alternatives to the keysigning monster in an interview. "A decade ago it made sense to go for maximum security regarding how to trust whether a key is really the right key", he said. "But things can get paralyzed by excessive analness."

"If you're in a situation where your threat model is powerful adversaries who are going to put forth a focused attack, you have to use formal methods. If you impose those same standards on everyone's uses, [however], you end up where we are today, where only a thin slice of the e-mail pie gets encrypted."

Complete Story

Related Stories: