peter.segment at wronghead.com wrote on Wed Aug 22 20:59:43 CEST 2012:
>FWIW, this is not our assumption. Alice is far from a "computer illiterate" and such simple CLI interaction is for her a trivial exercise.
...
>In our case, that is simply wrong. Alice is no fool, Alice is (probably) a medical or technical professional, Alice is reading the papers, Alice knows that computer security is full of holes, and unless she, herself, has a reasonable knowledge of the system upon which ~her~ security depends, if in doubt, she will respectfully decline to participate in the activities of the group this system is supposed to serve.

=====

As Rob pointed out:

"having a single trusted introducer who serves as the gatekeeper for the entire system this problem goes away."

Medical or Technical firms using encryption, cannot afford to have their data unencryptable when they themselves need it, and so, may resort to one of two general solutions:

[1] ADK's (additional decryption keys) for each employee. (PGP and some commercial implementations offer them, Gnupg does not.)

or

[2] ALL keys within the company, for all employees, are generated by one sys-admin, who has the copies and passphrases, and gives, to each employee, that employee's keypair, as well as each other employee's public key.

(Maybe Rob can comment on other alternate ways of setting up such systems.)

Now, IF Alice trusts the sys-admin to not do anything malicious, (i.e. mis-using her key or others to forge anything, and doesn't mind that the administration will be able to decrypt anyone's encrypted message having to do with company or group matters), then, it is very easy to accomplish this through gnupg.

The sys-admin generates all the keys, and distributes the keyrings.
Each keyring has that individual employee's keypair, as well as all the other employees' public keys.
Each key has 'ultimate' trust.
No other WOT issues need to be involved.

Once Alice gets comfortable with gnupg, and wants to use encryption under wider circumstances, and for personal communication, she can then learn the other issues on how to do this safely.

(She can find us on the web, and join this mailing list or others like it, and learn at her own pace ;-) ).

vedaal
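
The keyring layout described in this message (own keypair, everyone's public keys, ultimate trust on all of them), as an added example that is not part of the original post. It assumes the sys-admin already holds every keypair in one GnuPG home directory; the function names, the `--build` argument and the directory arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the
# directory arguments are assumptions made for illustration.
set -eu

# Reads `gpg --with-colons --fingerprint` output on stdin and prints one
# ownertrust record ("FINGERPRINT:6:", where 6 means ultimate) for each
# primary key. Subkeys carry their own fpr records, so only the fpr that
# directly follows a pub record is used.
ownertrust_from_colons() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10 ":6:"; want = 0 }
  '
}

# build_keyring MASTER_HOME EMAIL OUT_HOME
# MASTER_HOME: the sys-admin's GnuPG home, holding every employee keypair.
# OUT_HOME:    new GnuPG home to hand to the employee identified by EMAIL.
build_keyring() {
  bk_master=$1; bk_email=$2; bk_out=$3
  mkdir -p "$bk_out"
  chmod 700 "$bk_out"
  # Every employee's public key.
  gpg --homedir "$bk_master" --batch --export |
    gpg --homedir "$bk_out" --batch --import
  # Only this employee's secret key (exact e-mail match). gpg may ask for
  # the key's passphrase, which the sys-admin holds in this model.
  gpg --homedir "$bk_master" --export-secret-keys "<$bk_email>" |
    gpg --homedir "$bk_out" --batch --import
  # Mark every primary key in the new keyring as ultimately trusted.
  gpg --homedir "$bk_out" --batch --with-colons --fingerprint |
    ownertrust_from_colons |
    gpg --homedir "$bk_out" --batch --import-ownertrust
}

# Runs only when called as: script --build MASTER_HOME EMAIL OUT_HOME
if [ "${1:-}" = "--build" ] && [ "$#" -eq 4 ]; then
  build_keyring "$2" "$3" "$4"
fi
```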