On 2/26/10 12:38 PM, MFPA wrote: > I am *not* advocating the implementation of any form of > Digital Restrictions Malware (DRM).
You can say you're not advocating DRM -- but if it looks like a duck, swims like a duck, flies like a duck and quacks like a duck, then it's a duck. "Digital": yes, the public key is in a digital form. "Rights" : yes, you're advocating the owner possesses intrinsic rights. "Management": yes, you're advocating the owner should be allowed to have total control over how the key gets distributed. That's pretty extreme management. But, hey. If you don't like DRM on the honor system, I'm happy to call it ORCON ("Originator Controlled"). ORCON material doesn't get copied, shared, promulgated, forwarded on, without the originator's explicit permission. It is the most extreme form of DRM imaginable. I thought I was being generous by saying you were advocating DRM on the honor system instead of ORCON -- ORCON is much more onerous. My exposure to ORCON material came from my work with electronic voting systems. Government officials are sometimes willing to give electronic voting geeks a peek behind the curtain, so long as there's an ORCON agreement signed in blood with the Devil himself as an eyewitness. You're advocating public keys be treated like the inner secrets of how electronic voting machines work. So am I. It's just that you're advocating they all be kept secret by default and publication being an exception to the rule -- and I'm advocating they all be kept public by default and secrecy being the exception to the rule. > Uploading a somebody else's key without first checking it is OK by > them is a breach of their privacy You're claiming they have a reasonable expectation that, if they share data that is clearly marked *public*, the recipient should understand *public* means "clear it with me first"? I don't think that's a reasonable expectation. The key says "public" right at the very top, and I think it's unreasonable to expect people to infer that it means "no, don't share it." This is why the burden is on the key provider: if you don't want the key shared, you have to explicitly tell someone about it. If you don't tell someone about it, they are allowed to think the phrase "public" means just that. > and could well be illegal/unlawful > in jurisdictions with data protection legislation (for example, if a > company published a customer's key, showing their name and/or email > address, to a server). That's not the key sharer's problem. That's the problem of the person who provided the key. If you know it would be unlawful for you to share information, don't share it. > I don't see the connection between DRM and a perfectly proper respect > for individual privacy. By implication, then, I lack a proper respect for individual privacy. At this point this seems to be dropping straight into the ad-hominem range. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users