Public key somewhere? (Was: Re: Ubuntu Power Options)

Harold hmichels01 at earthlink.net
Wed May 9 12:41:48 MST 2007 

I have been following the discussion about PGP and encryption. For me
the discussion raises almost as many questions as it supplies answers.
Someone suggested that you might pull the information together for a FAQ
posting. I would like to second the notion.


I would like to suggest that you might start with why would the average
user care about encrypting an e-mail message, and in particular a
message that will be posted on a publicly available bulletin board. How
big a problem are we dealing with here?


I have also been reading about methods of providing keys to recipients.
The bit I read indicated that you send the key to your recipient before
sending the message and after receiving it they poll your machine to get
another key to verify the validity of the message. If someone is sitting
on your communication channel how would this give you any privacy? Have
I misunderstood the mechanics of the process? 

The article says that the key changes dynamically every few minutes. If
you send me a message and I do not read it and request a key for two or
three days how does that fit in the schema?


Since your key comes through in your e-mail as a block of hex, of what
value is it to determine anything? Your e-mail was in plain text. The
postings to the board do not seem have that. Since I do not know you
from Adam, as you do not know me, how would having any kind of key that
came with the e-mail verify that the message was actually from you and
not someone sitting at your computer or a third party?


I see the value in PGP for encrypting data on my machine. There could
be, possibly, very important information that I would not want to be
seen by other people. Graphic pictures and my plans for taking over the
world come to mind, but if I were to share those with you and then send
you the key to unlock them over the same communication channel where is
the security? Are we supposed to be exchanging these keys at your key
signing parties? Does that mean I am more secure because I met you some
place and personally handed you a key? You could still be with the CIA
or the local PTA.



OK, enough yammering. Lots of questions.

Harold

More information about the PLUG-discuss mailing list