On 31-07-2012 8:17, peter.segm...@wronghead.com wrote:

...

> Correct me if I'm wrong, but it is unreasonable to expect anybody
> to successfully and safely use gpg without understanding the
> concepts and mastering the skills essential to the WOT:

I think you are wrong about that. All the user needs is a properly configured portable install of GnuPG (and very likely, an easy-to-use GUI, because if Alice can't understand the WOT, using the CLI probably won't make her happy at all).

The "group manager" (from now on, the administrator) has a key, used to sign the member's key (as Robert explained in the message from July 31, about using Thunderbird+Enigmail). Gpg is configured to trust the administrator's signature, probably her own signatures, and nothing else (so, it will be a very short WoT).

If she encrypts a file to a public key, either:

a) Gpg sees the key is signed by the administrator, and allows the encryption. Alice doesn't have to know about the internal magic in this process.

b) Gpg doesn't find the administrator's signature, and rejects the recipient's key as not valid. Alice doesn't need to know what it means, she just needs to know "if GPG doesn't let me do this, I must not do this". Of course, if all the keys she has available came from the software provided by the administrator, this will never happen.

...

> "group manager" in the widest possible sense). He can easily do
> all the necessary key management (distribution, verification,
> revocation...) functions in the course of his other (quite
> extensive, actually) group management tasks and activities.

Then the end user will never have to bother about what a WoT is. GPG and the group manager will handle that part. The end user just needs an updated public keyring.

> Most users in this group have no single computer they operate on.
> Occasionally they must be able to create cipher-text on "drive-by"
> computers, not connected to the public network or where any
> network access is raising undesired attention. It is essential
> that the software requires no "installation" on the computer it is
> to be used on. (i.e., it must be statically linked, with no
> external dependencies).

I have GPG with GPGShell on my USB flash drive, and I can encrypt, decrypt, and generate keys quite easily. Of course I can do a lot more things, but I'm not forced to do anything else. And since GPGShell is JUST a GUI, that means GPG can do the same things from the command line, and unlike the GPGShell GUI, it is available for Windows, Linux, etc.

Now that I have said that, I must also say I don't enter my private key passphrase on a computer I don't trust. In fact, I don't remember if I ever used my portable gpg, other than to test if it works. I carry it with me just in case I go to visit my father, and for any strange reason, I want to decrypt a file I have at my 4shared account. I know his computer is probably safer than mine, since he uses it just for work, he doesn't install stuff on it, and so on.

Best Regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
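
Cases a) and b) from the message above, as an added example that is not part of the original message: a POSIX shell script that builds a throwaway keyring whose only trust anchor is an administrator key, then tries to encrypt to a certified and to an uncertified recipient. It assumes GnuPG 2.1 or later on PATH; the user IDs, the `example.invalid` addresses and the choice of ultimate ownertrust for the administrator key are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original message): a keyring whose only trust
# anchor is the administrator key. User IDs are constructed; needs GnuPG >= 2.1.

g() { gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }
fpr() { g --with-colons --fingerprint "$1" | awk -F: '$1 == "fpr" { print $10; exit }'; }

short_wot_demo() {
    work=$(mktemp -d) || return 2
    mkdir -m 700 "$work/factory" "$work/alice"

    # Administrator side: create the keys, then certify Bob's but not Mallory's.
    export GNUPGHOME="$work/factory"
    for uid in admin bob mallory; do
        g --quick-generate-key "Test $uid <$uid@example.invalid>" || return 2
    done
    admin=$(fpr admin@example.invalid)
    g --local-user "$admin" --quick-sign-key "$(fpr bob@example.invalid)" || return 2
    g --export > "$work/pubkeys.pgp"          # public keys only, no secrets
    gpgconf --kill gpg-agent

    # Alice's portable keyring: public keys plus one trusted key, the admin's.
    export GNUPGHOME="$work/alice"
    g --import "$work/pubkeys.pgp" || return 2
    echo "$admin:6:" | g --import-ownertrust  # 6 = ultimate (assumed setup)

    # Case a) recipient certified by the administrator: encryption is allowed.
    if echo test | g --encrypt -r bob@example.invalid -o "$work/a.gpg"
    then SIGNED_RC=0; else SIGNED_RC=$?; fi
    # Case b) no administrator signature: gpg rejects the recipient key.
    if echo test | g --encrypt -r mallory@example.invalid -o "$work/b.gpg" 2>/dev/null
    then UNSIGNED_RC=0; else UNSIGNED_RC=$?; fi

    gpgconf --kill gpg-agent
    rm -rf "$work"
}

short_wot_demo
echo "certified recipient rc=$SIGNED_RC, uncertified recipient rc=$UNSIGNED_RC"
```

In batch mode gpg does not prompt to override an unvalidated key, so case b) ends with a non-zero exit status instead of a question the user could answer wrongly.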