On distrusting trust.

[reddragdiva]

Enigmail keeps nagging me to set it up properly. (It came with my copy of Thunderbird.) But I can't remember my GPG pass phrase. I should be able to, as it's based on [garble] of [garble], which I can't imagine forgetting. It's just I need to [garble]. I could just create a new one, but giving it verifiably to the few people who care would be even more of a nuisance.

I don't remember it because I don't use it. Cryptographic protection of privacy sounds like a good idea and something I should do. But I don't get the public-key infrastructure model at all. Keep in mind that I am intelligent and technically literate and have had ten years' geek culture exposure to the concept. How would one communicate it to someone without that at all?

(Excuse me while I pontificate on a subject I admit I don't understand properly.)

• The user is overwhelmingly the most insecure part of any network. The company I work for has all sorts of security policies, but the users are scientists and swap passwords the way they swap information. A security system that leaves any user writing passwords on Post-It notes is fundamentally broken. Most credit card fraud is by people and companies you gave the number to, not someone eavesdropping on the transaction. When your restricted LJ post gets out, you know damn well it was cut-and-paste fairies.

• Trust is not transitive - even if you don't confuse the technical and conventional meanings of the word. Just because someone signs someone else's key, why on Earth should I put the same trust in that as I do in my personal verification? I suspect a variation of geek social fallacy #4. And even with one's closest friends, trusting them in one respect in no way implies trusting them in another.

  I find someone's writing style a surer verification of identity - their writing is their public self on the Net. If the cryptographic signature was right but the writing style was wrong, I would first assume their computer had been cracked rather than that they had suddenly acquired a jarringly foreign turn of phrase.

• The Internet threat model - completely secure computers at either end, possibly-compromised wires in the middle - is completely arse-backwards. Pretty much no-one is eavesdropping (modulo insecure WiFi), but if you put the average Windows computer out on the wild Net, you may as well grease up, bend over and put up a neon sign flashing COME AND GET IT.

  (This is why all the silly crap your web browser does when it comes to a 'secure' page that hasn't bothered paying protection money to Verisign seems to make no goddamn sense - it's because it actually doesn't.)

There are many people reading who know this stuff better than I ever will. I ask you to take the time to shred the above.

Comments

[elisteran.livejournal.com]

Note, however, the difference between encrypting your email with gpg, and signing it. Encrypting is a pain because you do have to get your encryption key verifiably to other people before they can decipher your messages; but anything you want to be able to prove you sent, you can sign it, and then when convenient get the key out to other people. People who care can start verifying your signature as they get the key, and otherwise it doesn't really matter.

(OK, signing is still solving the inverse problem; you ideally want to be able to prove you didn't send a message, but establishing a pattern of signing is better than nothing).