Re: pgp signing in van
"Anshuman Pratap Chaudhary" <anshumanpratap@gmail.com> Mon, 09 September 2013 16:32 UTC
Return-Path: <anshumanpratap@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4E3211E810E; Mon, 9 Sep 2013 09:32:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.846
X-Spam-Level:
X-Spam-Status: No, score=-0.846 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_BASE64_TEXT=1.753]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ofzXHg9Ozq16; Mon, 9 Sep 2013 09:32:58 -0700 (PDT)
Received: from mail-ea0-x22e.google.com (mail-ea0-x22e.google.com [IPv6:2a00:1450:4013:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 63EAC11E819F; Mon, 9 Sep 2013 09:31:37 -0700 (PDT)
Received: by mail-ea0-f174.google.com with SMTP id z15so3251855ead.19 for <multiple recipients>; Mon, 09 Sep 2013 09:31:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=return-receipt-to:disposition-notification-to:message-id :content-transfer-encoding:reply-to:references:in-reply-to :sensitivity:importance:subject:to:from:date:content-type :mime-version; bh=UgSO8680sIOyXhtBi8zMTDeZr/H97pcu/H0n10/KuYU=; b=Zvh3TjXJ8+9v73Hj/M5s/GEBewP0c6NghfcKuiMvGn3kvKo0Q9364jNtuoei4SdP8b J6mH4aQvXzRZB+0xyoxr3/q+VUkf42xHmq3N2X8AV/1pT6VwKHBBYK1lTuZFWPCsEj0m pNQywwhdzJQgDintFFKlWknZCcMEx9Wx9rVyn+BcftkapFCRSMJDefJgf6gO+O/pd/Ag ejwjeZ1NxM51zhgzKOmLnq1MgmEx8qK3goQAZORg4Z40bf7nZxp/cWXbwXXRiNsIXm+C Po1897o967/h004ZarqY6R+NJykRCSpDVVBjVfVbDYAQvif4BBjs6iT670iXY8l3Jedq 5e2g==
X-Received: by 10.14.224.198 with SMTP id x46mr4636657eep.53.1378744296470; Mon, 09 Sep 2013 09:31:36 -0700 (PDT)
Received: from 172.18.196.179 (bda-178-239-83-217.bis7.eu.blackberry.com. [178.239.83.217]) by mx.google.com with ESMTPSA id a6sm23207104eei.10.1969.12.31.16.00.00 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 09 Sep 2013 09:31:35 -0700 (PDT)
X-rim-org-msg-ref-id: 815227778
Message-ID: <815227778-1378744293-cardhu_decombobulator_blackberry.rim.net-1241953119-@b12.c3.bise7.blackberry>
Content-Transfer-Encoding: base64
X-Priority: Normal
References: <m2zjrq22wp.wl%randy@psg.com> <2309.1378487864@sandelman.ca> <522A5A45.7020208@isi.edu> <CA2A6416-7168-480A-8CE1-FB1EB6290C77@nominum.com> <522A71A5.6030808@gmail.com> <6DE840CA-2F3D-4AE5-B86A-90B39E07A35F@nominum.com> <CAPv4CP_ySqyEa57jUocVxX6M6DYef=DDdoB+XwmDMt5F9eGn1A@mail.gmail.com> <18992.1378676025@sandelman.ca> <8D23D4052ABE7A4490E77B1A012B63077527BC7A@mbx-01.win.nominum.com> <13787.1378730617@sandelman.ca> <8D23D4052ABE7A4490E77B1A012B63077527C8AB@mbx-01.win.nominum.com>
In-Reply-To: <8D23D4052ABE7A4490E77B1A012B63077527C8AB@mbx-01.win.nominum.com>
Sensitivity: Normal
Importance: Normal
Subject: Re: pgp signing in van
To: Ted Lemon <Ted.Lemon@nominum.com>, ietf-bounces@ietf.org, IETF discussion list <ietf@ietf.org>
From: Anshuman Pratap Chaudhary <anshumanpratap@gmail.com>
Date: Mon, 09 Sep 2013 16:31:36 +0000
Content-Type: text/plain; charset="Windows-1252"
MIME-Version: 1.0
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: anshumanpratap@gmail.com
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 16:32:59 -0000
Chop? Sent from my BlackBerry® Smartphone, regret typo's! -----Original Message----- From: Ted Lemon <Ted.Lemon@nominum.com> Sender: ietf-bounces@ietf.org Date: Mon, 9 Sep 2013 13:58:34 To: IETF discussion list<ietf@ietf.org> Subject: Re: pgp signing in van On Sep 9, 2013, at 8:43 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: >> What's the upside to signing my email? I know why I want everybody I >> know to sign my email, but what's the upside for me if I do it? Until >> there's a clear win, it's not going to happen. > > It's what establishes the reputation of the key that signs your email. > That's why having people show up to an IETF PGP signing party, when those > people haven't been using the key is useless. If we think that IETF > is a meritocracy, then it doesn't matter what your government ID is. > > It matters what you said on the mailing list. On Sep 9, 2013, at 12:28 AM, l.wood@surrey.ac.uk wrote: > There is no upside. > > By signing your mail you lose plausible deniability, remove legal doubt as to what you said... Your checks are in the mail. Seriously, this perfectly illustrates the reason why PGP hasn't seen widespread deployment: it doesn't address a use case that anybody understands or cares about, and it appears to address a use case that people actually would like to avoid. Here is the current use model for PGP: (1) I generate a key and sign all my email with it (2) People reading my email see an obscure indicator somewhere in my email that indicates that it was signed by either an unknown key (nearly always) or a known key (I don't even know what that looks like) (3) ??? (4) WIN! First of all, this does nothing to preserve privacy, so I don't know why we're even talking about it. PGP in principle could be used to encrypt communication, but because we don't really have an agreed-upon trust model, this is a use case that only occurs when people are _highly motivated_ to protect their privacy, and that's not most people, and not most of the time. This stuff matters. Thinking about the use model for the tools we build is _the most important aspect_ of protecting peoples' privacy. If we don't think about these things, we're just producing cool toys that will never see general use. I can actually describe a use model for PGP that accomplishes what Michael wants without accomplishing what Lloyd doesn't want, but let's leave that for another conversation. The point I wanted to make is very simply that if we don't think about use models, we will never get to (4).
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Melinda Shore
- pgp signing in van Randy Bush
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Dave Crocker
- Re: pgp signing in van Scott Kitterman
- RE: pgp signing in van l.wood
- Re: pgp signing in van Russ Housley
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Scott Brim
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Pete Resnick
- Re: pgp signing in van Theodore Ts'o
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van John C Klensin
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Måns Nilsson
- RE: pgp signing in van l.wood
- Re: pgp signing in van Anshuman Pratap Chaudhary
- Re: pgp signing in van Måns Nilsson
- Re: pgp signing in van Brian Trammell
- Re: pgp signing in van Andrew Sullivan
- Re: pgp signing in van Cyrus Daboo
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van John Levine
- Re: pgp signing in van David Conrad
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Richard Barnes
- Re: pgp signing in van Scott Brim
- Re: [IETF] Re: pgp signing in van Warren Kumari
- What real users think [was: Re: pgp signing in va… Brian E Carpenter
- Re: pgp signing in van Dan York
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: What real users think [was: Re: pgp signing i… Hector Santos
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Brian E Carpenter
- Re: What real users think [was: Re: pgp signing i… John C Klensin
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: pgp signing in van David Morris
- Re: What real users think [was: Re: pgp signing i… SM
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: not really pgp signing in van John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… John R. Levine
- Re: pgp signing in van Arturo Servin
- Re: not really pgp signing in van Scott Kitterman
- Re: What real users think [was: Re: pgp signing i… Phillip Hallam-Baker
- Re: not really pgp signing in van John Levine
- Re: What real users think [was: Re: pgp signing i… John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: What real users think [was: Re: pgp signing i… Fernando Gont
- Re: pgp signing in van Fernando Gont
- Re: pgp signing in van Ted Lemon
- Re: not really pgp signing in van Brian Trammell
- Re: pgp signing in van t.p.
- Re: not really pgp signing in van Måns Nilsson
- Re: pgp signing in van Ted Lemon
- the evil of html was Re: pgp signing in van t.p.
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Paul Wouters
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Martin Thomson
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van manning bill
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Theodore Ts'o
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Yoav Nir
- was: not really pgp signing in van SM
- Re: was: not really pgp signing in van Phillip Hallam-Baker