[kwlug-disc] Generating and using PGP keys

unsolicited unsolicited at swiz.ca
Fri Feb 20 00:55:34 EST 2009

Raul Suarez wrote, On 02/20/2009 12:43 AM:
> I am either too naive, ignorant or plain stupid, but all this
> "Security" at the personal level sounds to me like either a "cool
> and geeky thing to play with" or a tinfoil hat for those that think
> that they really need protection.
> Of course there are situations where it is necessary but for most
> of us mortals most of the time is like walking around with a helmet
> in case we fall.

In this case, PGP has more to do with privacy than security.

e.g. The transfer of e-mail between a health care provider and 
patient. Think, essentially, SSL (https), and how many, many, web 
sites use it (SSL). At this level, people are looking for a guarantee 
that only they can read it.

It also has to do with authentication and attribution - particularly 
for legal things like contracts. Only you (your company) could have 
sent the message (signed and sealed it with the corporate seal), and 
you cannot deny that you did.

	Let alone with all the scams and spoofs, organizations like CERT 
using it to say, yes, there really is a vulnerability in <x>.

Unfortunately, the awkwardness that Paul mentions has gotten in the 
way. And, it hasn't reached a critical mass. So little that when I ask 
my vendors to implement it, they look at me funny. (As in, what the 
heck is that.)

Bet it would be different if Revenue Canada insisted upon it if you 
wanted your refund! (-: Critical mass would be accomplished REAL FAST!

More information about the kwlug-disc mailing list