Reflux on reflux.

[reddragdiva]

Notwithstanding On distrusting distrust and Reflux on distrusting trust ... I now have GPG set up properly with Enigmail in Thunderbird and can send and receive encrypted emails. You can get it here or here. I've also uploaded it to some keyservers.

I still consider the "web of trust" complete snake oil, and if you sign something for someone else I put very little store by that. But I know how much I trust those I know. And now I have reason for secure communications: our friends in the Church of Scientology. And I can't tell you how much this pisses me off.

(It's somewhat jarring to see the Thunderbird menus — painstakingly made user-friendly for the worldwide Firefox/Thunderbird push — as extended with Enigmail's crypto jargon.)

Comments

[wintrmute.livejournal.com]

Key imported -- Catch me on IM (or real life) sometime to confirm fingerprints?

[reddragdiva]

I can see I'll be taking to carrying the fingerprint with me ...

IM is SO not suitable. I mean really. <geek voice>The insecurity!</geek voice> All that unencrypted traffic, between unverified hosts ... you might have to use grey-area social skills and stuff.

[wintrmute.livejournal.com]

you might have to use grey-area social skills and stuff.

I'd be counting on it, in fact ;)

There are ways of (reasonably) verifying that the person on the other end is, in fact, who i think it is, rather than just someone who happened upon their PC while they were off on a lunch break. I could ask you something about the last conversation we had in person, for instance.

Verified PGP keys could be seen as a way of converting unquantifiable trust into a way to encrypt things?

(Excuse me if i'm making no sense.. blame the flu tablets)

[wintrmute.livejournal.com]

*sniffle*

(Yes, I realise that IM is suspectible to someone sitting in the middle and intercepting your messages to me, passing them on verbatim except for the one with the actual fingerprint. However, let's face it, no-one is doing that - and if I had something so absolutely secret that I thought someone *might* be doing that, then we'd be doing things differently anyway.)

You might like this btw:

[wechsler.livejournal.com]

LJ can store your public key if you so wish: http://www.livejournal.com/manage/pubkey.bml

Mine's on my info page.

[rbarclay.livejournal.com]

The "web of trust" is actually useful.

Sometimes.

In specific sircumstances.

Very specific circumstances.

[reddragdiva]

Yes, we went through that before :-)

I "trust" one hop away. I will "trust" two hops away if I can make that into one hop away. Beyond that it's just matching keys on a keyserver.

I put "trust" in scare quotes to signify the difference between cryptographic "trust" and actual trust.

[grumpy-sysadmin.livejournal.com]

I've taken to using "belief" for the latter definition. (Conveniently, that term's not religiously-charged for me.)

[rbarclay.livejournal.com]

Have I mentioned kuvert recently? Makes managing keys et al a complete no-brainer once it's set up.

(frozen) (no subject)

[reddragdiva]

Of course, I couldn't possibly comment.

[loosechanj.livejournal.com]

What is your hardon about scientology? I agree they're utter wanks, but what specifically got you pissed off at them?

[reddragdiva]

Why I do this.

I really haven't bothered much at all in the past few years, but I may just be pissed off enough to start again.