LinuxJournal: Zimmermann: More (secure email) Pie Please

[ Thanks to Don
for this link. ]

Zimmermann says that the current practice of
keysignings, with government-issued identification, recitation of
fingerprints and other rituals, is missing the point of helping
users get the practical benefits of encrypting their mail. “What
did I start? I feel like I’ve created a monster”, he told a crowd
of GPG users.

Zimmermann explained alternatives to the keysigning monster in
an interview. “A decade ago it made sense to go for maximum
security regarding how to trust whether a key is really the right
key”, he said. “But things can get paralyzed by excessive

“If you’re in a situation where your threat model is powerful
adversaries who are going to put forth a focused attack, you have
to use formal methods. If you impose those same standards on
everyone’s uses, [however], you end up where we are today, where
only a thin slice of the e-mail pie gets encrypted.”


Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis