Re: [openpgp] Manifesto - who is the new OpenPGP for?

Bill Frantz <frantz@pwpconsult.com> Thu, 26 March 2015 20:54 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9A7B1B2F16 for <openpgp@ietfa.amsl.com>; Thu, 26 Mar 2015 13:54:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SkU8rC-xC71 for <openpgp@ietfa.amsl.com>; Thu, 26 Mar 2015 13:54:52 -0700 (PDT)
Received: from elasmtp-spurfowl.atl.sa.earthlink.net (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by ietfa.amsl.com (Postfix) with ESMTP id 44A821B2F13 for <openpgp@ietf.org>; Thu, 26 Mar 2015 13:54:52 -0700 (PDT)
Received: from [173.75.83.181] (helo=Williams-MacBook-Pro.local) by elasmtp-spurfowl.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1YbEni-0004R8-QC; Thu, 26 Mar 2015 16:54:51 -0400
Date: Thu, 26 Mar 2015 13:54:49 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: John Kreznar <jek@ininx.com>
X-Priority: 3
In-Reply-To: <87y4mkuun7.fsf@ivtd4.ininx.pvt>
Message-ID: <r422Ps-1075i-56315398CDE34DD4A0FEC68D2D0FA520@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.3.1 (422)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec793830ceb0790a5db07044179b3cbe4640350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 173.75.83.181
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/9aR2tc_wQl5jmjuEcQEL_7QgPf0>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Manifesto - who is the new OpenPGP for?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 20:54:58 -0000

On 3/25/15 at 11:42 PM, jek@ininx.com (John Kreznar) wrote:

>Christoph Anton Mitterer <calestyo@scientia.net> writes:
>
>>On Wed, 2015-03-25 at 22:56 -0500, Phillip Hallam-Baker wrote:
>>> Web of Trust is a fine academic
>>> theory but it is not how OpenPGP is really used in the real world.
>>Lol?
>>How else do you use it?
>
>Speaking as a PGP user of over 20 years, I can say that I've NEVER used
>the web of trust.  The way I really use it is to exchange keys with a
>correspondent in plain text and confirm fingerprints out of band.

I used the WoT once to validate a key. The key I validated was 
my own. I was at work, and my key was at home and on a key 
server. I wanted to send some company confidential data home, so 
I down loaded my key from the key server. My key had been signed 
by Carl Ellison, and I had a copy of Carl's business card with 
his key fingerprint. I check the fingerprint against Carl's 
signature, and had enough faith in my own key to use it.

Life does bring up some strange uses.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said 
users haven't
www.pwpconsult.com | learned anything about security?" -- Bruce Schneier