[kwlug-disc] Generating and using PGP keys
unsolicited at swiz.ca
Fri Feb 20 00:55:34 EST 2009
Raul Suarez wrote, On 02/20/2009 12:43 AM:
> I am either too naive, ignorant or plain stupid, but all this
> "Security" at the personal level sounds to me like either a "cool
> and geeky thing to play with" or a tinfoil hat for those that think
> that they really need protection.
> Of course there are situations where it is necessary but for most
> of us mortals most of the time is like walking around with a helmet
> in case we fall.
In this case, PGP has more to do with privacy than security.
e.g. The transfer of e-mail between a health care provider and
patient. Think, essentially, SSL (https), and how many, many, web
sites use it (SSL). At this level, people are looking for a guarantee
that only they can read it.
It also has to do with authentication and attribution - particularly
for legal things like contracts. Only you (your company) could have
sent the message (signed and sealed it with the corporate seal), and
you cannot deny that you did.
Let alone with all the scams and spoofs, organizations like CERT
using it to say, yes, there really is a vulnerability in <x>.
Unfortunately, the awkwardness that Paul mentions has gotten in the
way. And, it hasn't reached a critical mass. So little that when I ask
my vendors to implement it, they look at me funny. (As in, what the
heck is that.)
Bet it would be different if Revenue Canada insisted upon it if you
wanted your refund! (-: Critical mass would be accomplished REAL FAST!
More information about the kwlug-disc