On PKI, I fear that the property of it being so decentralized, and relatively free, is the same reason why it does not have wider adoption. It is not a centralized product, nor is trust maintained by any government / private institutions (banks, clerks, notaries, etc ) to prove identity. So, thus.. PKI is both adopted, however split given its decentralized nature. Using openID as an example, to try and free themselves from centralized SSO (google, yahoo, microsoft, well, and facebook as a newcomer) openid sought to allow anyone from any domain login to other sites, with a universal token. Well.. the benefit that brings the user, is a significant downside for those who would like to have a more consolidated approach to things. Gpg is not owned by any entity, it can be used in many countries legally, and virtually any other country illegally. It can be used to designate trust (albeit in a simple manner) , or delegate it (truth be told, I don´t fully understand tsign per documentation). The same properties which make it suitable for anyone with the motivations , interest, and time to learn how to master it and use it in their own lives, means that it is not adopted by governments and corporations because of the fact that it is not beholden (afaik) to any country, government, company, or organization (well, ignoring the gnu folks who develop it). Furthermore, said interests have a strong interest in ensuring that products are strong enough to keep out the opposition / ¨bad guys¨ , but weak enough so that the implementing party can still exercise it´s power if it deems it necessary. I see a power in a digital signature, and using a public key for a designated task. In fact, i personally believe it is a key aspect of http://en.wikipedia.org/wiki/Fourth_generation_warfare , if one knows how to harness it properly. PKI may take time to come, however Change does tend to scare people. Especially if they have a vested interest in a status quo. Think of a criminal organization (or worse) that understood and used gpg, monkeysphere, and only relayed the important traffic via couriers with flashdrives. That would make it very hard for law enforcement, or security types to try and track down. In conjunction with twitter, or statusnet, or other things, they also used pastebin for Command and Control , Communications and Intelligence (C3I). Try finding a court in most countries that would have enough evidence to try such a ¨plot¨. That kind of power of technology, as a double-edged sword surely is not lost upon decision-makers in Government and Industry.
Requesting your Comments. Thank you, - no such
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
