Hey. I really cannot understand why ct/heise and some others run these Anti-OpenPGP campaigns recently, while at the same time hypocritically claiming they'd be in favour of cryptography for people.
- Per se, users will need to have at least some basic understanding of cryptography - otherwise anyone could trick them into doing anything. I'm talking about things like "don't blindly sign others keys", or that one cannot securely communicated with a peer unless one has more or less directly exchanged some credentials (e.g. fingerprints) with that. - Apart from that, OpenPGP isn't that complicated, there are many front-ends which allow the end user to use gnupg in an easy manner. - If one wants real security, one will never get around that mutual authentication / credential-exchange ... and THIS is the actual thing that makes OpenPGP (in contrast to X.509 and friends) "complicated". And this is also why I'd call ct/heise anti-cryptographers: For some months now they demand "cryptography made easy" and to kick everything else into the can. They basically demand stuff like "TextSecure" which they advertise as the best secure messenger out there - while it actually doesn't even demand users to mutually verify any credentials at all. And even if they do one hasn't even a way to mark a contact as validated or not (bug open for ages now). This is basically what they want: Anonymous cryptography, whose complete security is based on some good luck whether you've communicated with the right peer the first time. But instead of just advertising that crap, they seem to also have went on some stupid anti-OpenPGP campaign... o.O Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
