Hans, please trim your quoted material.

> They would need to use a specialized system, and that specialized
> system might then be a marker of suspicion (for example, lots of
> governments, including the NSA, already mark all PGP messages as
> suspicious).

Unless you've got a desk somewhere deep inside Fort Meade and you're sitting in on briefings the rest of us aren't, you don't know this. There's a lot of panic and paranoia in the air already without people making it worse by treating what they *think* is true as if they *know* it's true.

(I don't know if what he's claiming is true or false... but I *do* know that I don't believe his certainty, and I wouldn't believe anyone else who claimed to be certain, either!)

> trumpeting "ease of use" above all else. We are seeing systems like
> keybase.io that make things really easy, but also expect users to
> upload their _private_ key to some alpha web service.

keybase doesn't expect users to upload the private key. It works just fine if you don't, and in fact you have to go through an extra couple of steps to put the private key on the keybase servers.

For some use cases this is a good practice. For many more it's a bad practice. But it's way too facile to simply say,

> That is terrible security practice.