<div class="gmail_quote">On Wed, Oct 28, 2009 at 10:41 AM, Jim Lynch <span dir="ltr"><<a href="mailto:ale_nospam@fayettedigital.com">ale_nospam@fayettedigital.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">Michael H. Warfield wrote:<br>
> Hello all!<br>
><br>
> Aaron approached me a couple of days about about running a PGP/GPG key<br>
> signing party for the November ALE meeting. Looking back, it looks like<br>
> the last one was 6-1/2 years ago! Wow, time flies... Ok... So be it.<br>
><br>
</div>I for one would like to know exactly what this activity is good for. I<br>
understand that one of the uses of these keys is to be sure an email is<br>
from who you think it is. Exactly what activities are you guys involved<br>
in that require that level of security? Obviously you are doing<br>
something other than sending responses to the various questions/issue on<br>
this list.<br>
<br>
I'm not criticizing, just very puzzled 'cause I have no real idea of a<br>
practical use for this level of security.<br>
<br>
Thanks for the enlightenment.<br></blockquote></div><br>This, right here, is why I can't get anyone I know to use GPG. <br><br>This email traveled various routers plain text to reach your inbox. To which everyone I know says, "So? I don't care if George W. Bush/Barack Obama/the CIA/the NSA/the Russian Mafia reads my email." And for this particular email, which is going to end up in ALE's public archives, so what? <br>
<br>However. If you ARE going to send something secret--like, say, financial junk, or your ISP emailing you passwords--that means that the only mail in your inbox that's encrypted is the mail you don't want people to read. Way to be stealthy. <br>
<br>No, the way to be stealthy is to encrypt by default. Then people don't know which message is the super secret message, and waste time decrypting pictures of your cats and your wife asking you to bring home milk looking for the message with the secret stuff in it. And, you know. Maybe I don't WANT my emails to my honey flying around plain text, only he refuses to encrypt. Then again, he didn't want to use SSL for his pop/imap until I opened wireshark and showed him his passwords, so there you go. <br>
<br>As for the keysigning party, there's no guarantee that the key in the keyserver is who it says it is. Considering that I can't get my friends to use encryption at all, it's unlikely that people are impersonating them, but...<br>
<br>Katherine<br>