[ale] Keysigning get-together?

Matt Rutherford matthew.g.rutherford at gmail.com
Sun Oct 23 01:00:13 EDT 2011


Though largely a lurker, I will break habit here. Bravo Michael and well
said. Privacy, electronic or otherwise, is a human right.

Matt R
On Oct 22, 2011 5:30 PM, "Michael H. Warfield" <mhw at wittsend.com> wrote:

> On Fri, 2011-10-21 at 20:38 -0400, Jim Lynch wrote:
> > On 10/21/2011 02:06 PM, Michael Trausch wrote:
> > >
> > > I would like to know if anyone has any interest in doing a PGP
> > > keysigning get-together.  My motivation is, of course, that I need
> > > signatures on my key. :)
> > >
> > > Would anyone else be interested?
> > >
> > >
> > I hate to be the dissenting member but why?  I don't understand what
> > information we interchange amongst us that needs such security.
>
> Do you put mail in envelopes?  Why not just put it on postcards?  Why?
> You don't care if anybody reads your mail, right?  You'd put your credit
> card on a postcard and drop it into a mailbox.  Right?  Nobody else can
> read it but the mailman and he can be trusted.  Right?  I don't think
> so.
>
> > If we
> > were collaborating on some top secret project then sure, but I haven't
> > seen any topic that merits this level of security.
>
> That's the red herring that has haunted us and impeded progress since
> the early days of PGP.  It's a false statement and it's a false
> question.  The real question is "why wouldn't we?"  The question "why
> would we" is a lie and backwards.  We don't need "a reason to" any more
> than we need a reason to put a letter in an envelope and seal it so
> nobody else could read it before mailing it.  It's our business and we
> don't need a reason.
>
> > I thought we were a bunch of individuals that were interested in Linux
> > and wanted to share our experiences, or were looking for assistance with
> > respect to Linux, not extremist radicals wanting to take over the world.
>
> And that last bit was utter nonsense.  Do you use secure web sites
> (https)?  You do?  You RADICAL!  What are you trying to do?  Take over
> the world?  You're using encryption!?!?  What are you trying to hide?
>
> Linux is all about freedom and so is PGP (which is as old as Linux).  We
> had a long LONG struggle getting cryptography into the Linux kernels
> thanks to the US crypto restrictions.  Well, we finally won and it was a
> hard fought battle for people like us that constantly fought against
> those regulations and restrictions.  No difference.  Part and parcel.
> Linux is about freedom.  PGP is about freedom.  PGP was originally
> released as open source a very long time ago, same year Linus released
> Linux, and epitomizes the very principles of OpenSource we cherish
> in Linux.  Asking why do we do this is as much as asking "why do we use
> Linux".  I would ask in return "why shouldn't we?  We're free to and
> it's an exercise of our freedom to."
>
> Fact is, there are many people who use cryptography routinely just to
> conduct ordinary affairs and to protect themselves and we do it
> routinely.
>
> In some cases, I'm now required by government regulations to employ
> cryptography, for very good reasons.  Criminals are in the news
> constantly having compromised computers and drives and phones that
> should have been encrypted and thousands of people are put at risk
> because they were.  Latest Android (Ice Cream Sandwich) is going to have
> encryption available and LUKS encryption is available on earlier
> versions if you root your device and install CyanogenMod.
>
> PGP is not just about encryption and confidentiality (though it is
> cryptography) it's also about authentication and validation.  You can
> still read my E-Mails.  Yet, did you notice all my E-Mails are signed?
> They are signed with GPG and can authenticate that they came from me.
> Do you understand that those signatures have force of law and can be
> introduced into court and can be used in transacting government
> business?  This was passed into law here in Georgia years ago.
>
> I don't give a flying flip if anyone validates that only I could have
> sent this particular message, but they can.  I used to get asked by noobs
> why I signed everything.  Yet, it should be obvious (it is to
> experienced people).  By signing everything, you develop a baseline
> "preponderance of evidence" that this is your key.  You also establish
> this more formally by having others sign your keys and extending the web
> of trust.
>
> The web of trust is the opposite end of a continuum of authentication
> with "certificate providers" (CAs, SSL Certificates, aka big bucks $$$)
> at the other end.  Yeah, they've been a great success at authentication
> and verification with multiple fake certificates out there including
> fake code signing certs for MS and the whole Diginotar debacle.  The web
> of trust is to PGP / GPG what certifying authorities are to SSL.  It's
> just that we are our own certifying authorities and a keysigning party
> is exactly the exercise of that certification authority we all possess.
>
> > I have no reason to communicate with anyone on this list any information
> > that I wouldn't want someone else to view.  Is everyone as paranoid as
> > Aaron?
>
> I've heard this since the early days of PGP.  Stale, worn out, replayed
> nonsense typically quoted by people with vested interests in you NOT
> preserving your privacy and arguing you have no right to privacy.  You
> don't have to be paranoid but they are out there and they are out to get
> you.  They don't WANT you to be able to protect yourself.  "Oh, if we
> only protect and save even one little child from child pornographers
> then we should prohibit encryption like PGP" (actually said to Phil
> Zimmermann and me at a show while he and I were chatting years ago here
> in Atlanta).  These people really exist.  THEY'RE the paranoids.  They
> don't want us doing this because they don't trust what WE'RE doing.  You
> think WE'RE paranoid?  You have not experienced the paranoid of the
> lunatic fringe.
>
> It has also been said that one major problem with current encryption
> practices is in the element of "traffic analysis".  If you encrypt
> something, that automagically implies you are hiding something and, as
> such, worth breaking into.  So your act of protecting something makes
> it more vulnerable.  You can't deny the attacks are out there.  So you
> can protect what is vulnerable by encryption (putting in envelopes away
> from prying eyes) EVERYTHING so, therefore, nothing stands out
> different, valuable or innocuous.  If everything is encrypted, how do
> you decide what to try to decrypt?  Even the simplest of encryptions is
> effective if EVERYTHING is encrypted because then you would have to
> decrypt everything just to determine what was interesting enough to go
> to the trouble, and there's not enough computing horsepower in the
> universe in that circumstance.
>
> > Not that I don't want it to happen, but what's the point?  I'm not Aaron.
>
> I think I've listed more than enough points above.  But...  I'm not
> Aaron and I've been a strong enthusiast for PGP since the very early
> days where even the US government was openly persecuting Phil Zimmermann
> for years for his creation of PGP.  The point is to ensure THAT level of
> paranoia (on the part of governments, law enforcement, and enforcers of
> the status quo, religious right, lunatic fringe paranoids, and
> criminals) can never return again.  The point is to preserve and protect
> our freedoms, some of which have been won with more difficulty than
> others.  After 9/11 there was serious talk about returning to a time
> where cryptography was regulated and restricted and we managed to quash
> that noise.  I've lived through those times and lived under those
> regulations and I have stood nose to nose with a couple of the lunatic
> fringe paranoids who would deny us those freedoms.
>
> I believe my identity and my privacy and my security is in my hands to
> maintain, whenever and wherever I choose to exercise it.  And that IS
> the point and that is why I participate in these things and promote
> them.
>
> > Jim.
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>