[ Thanks to Don Marti for this link. ]

Zimmermann says that the current practice of
keysignings, with government-issued identification, recitation of
fingerprints and other rituals, is missing the point of helping
users get the practical benefits of encrypting their mail. “What
did I start? I feel like I’ve created a monster”, he told a crowd
of GPG users.

Zimmermann explained alternatives to the keysigning monster in
an interview. “A decade ago it made sense to go for maximum
security regarding how to trust whether a key is really the right
key”, he said. “But things can get paralyzed by excessive
analness.”

“If you’re in a situation where your threat model is powerful
adversaries who are going to put forth a focused attack, you have
to use formal methods. If you impose those same standards on
everyone’s uses, [however], you end up where we are today, where
only a thin slice of the e-mail pie gets encrypted.”