On Wednesday 09 May 2007 12:41, Harold wrote:
> I have been following the discussion about PGP and encryption. For me
> the discussion raises almost as many questions as it supplies answers.
> Someone suggested that you might pull the information together for a FAQ
> posting. I would like to second the notion.
>
>
> I would like to suggest that you might start with why would the average
> user care about encrypting an e-mail message, and in particular a
> message that will be posted on a publicly available bulletin board. How
> big a problem are we dealing with here?
>
>
> I have also been reading about methods of providing keys to recipients.
> The bit I read indicated that you send the key to your recipient before
> sending the message and after receiving it they poll your machine to get
> another key to verify the validity of the message. If someone is sitting
> on your communication channel how would this give you any privacy? Have
> I misunderstood the mechanics of the process?
>
> The article says that the key changes dynamically every few minutes. If
> you send me a message and I do not read it and request a key for two or
> three days how does that fit in the schema?
>
>
> Since your key comes through in your e-mail as a block of hex, of what
> value is it to determine anything? Your e-mail was in plain text. The
> postings to the board do not seem have that. Since I do not know you
> from Adam, as you do not know me, how would having any kind of key that
> came with the e-mail verify that the message was actually from you and
> not someone sitting at your computer or a third party?
>
>
> I see the value in PGP for encrypting data on my machine. There could
> be, possibly, very important information that I would not want to be
> seen by other people. Graphic pictures and my plans for taking over the
> world come to mind, but if I were to share those with you and then send
> you the key to unlock them over the same communication channel where is
> the security? Are we supposed to be exchanging these keys at your key
> signing parties? Does that mean I am more secure because I met you some
> place and personally handed you a key? You could still be with the CIA
> or the local PTA.

To start, read up on how public key cryptography works: 
http://en.wikipedia.org/wiki/Public-key_cryptography. This should answer a 
lot of the questions you ask above.

-- 
Jon M. Hanson (N7ZVJ)
Homepage: http://the-hansons-az.net/
Weblog: http://the-hansons-az.net/wordpress/
Jabber IM: jon@the-hansons-az.net