Re: pgp signing in van

[Fernando Gont <fernando@gont.com.ar>]

On 09/09/2013 05:17 PM, Ted Lemon wrote:
> On Sep 9, 2013, at 4:11 PM, Dan York <dan-ietf@danyork.org> wrote:
>> Even in the groups where PGP was (and is) being used, usage is
>> inconsistent in part because people are now accessing their email
>> using different devices and not all of them have easy access to
>> PGP/GPG.  If you receive an encrypted message... but can only read
>> it on your laptop/desktop and not your mobile device, and you are
>> not near your laptop/desktop, how useful is the encryption if you
>> need to read the message?  You have to either wait to get back to
>> your system or ask the person to re-send unencrypted.
> 
> It might be worth thinking about why ssh and ssl work so well, and
> PGP/GPG don't.

Just a quick guess: SSL works automagically, PGP doesn't. So even if the
user doesn't care, SSL is there. PGP, OTOH, usually requires explicit
installation of a plug in and weird stuff (for mere mortals) such as
generating keys, etc.

ssh is typically use by techie people, that realize that e.g. doing
remote login is a bit crazy -- so if you're going to do remote login,
you're certainly going to use ssh (additionally, support for telnet is
disabled by default). OTOH,  how many encrypted and/or authenticated
emails does an average user sends a year?

(Not to mention the fact that at the end of the day, you can manually
check the ssh keys "once and for all" in a secure way, whereas with PGP
it's *extremely* often that people that use PGP don't get the habit of
sharing their keys in a secure way when they have the chance to -- for
instance, why doesn't everyone include their fingerprint on their
personal cards?)

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492





-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1