[liberationtech] 10 reasons not to start using PGP

Gregory Maxwell greg at xiph.org
Fri Oct 11 12:24:23 PDT 2013


On Fri, Oct 11, 2013 at 12:10 PM, Tempest <tempest at tushmail.com> wrote:
> a fair point. but one could significantly address this issue by hosting
> the public key on a tor hidden service. that would greater ensure that,
> in order to get your key, they would be using a system that protects
> against such threats. hardly an "easy" solution. but it can be solved
> with a little extra planning.

Of course, if you can do this and the HS is secure, then you can just
dispense with the PGP altogether.

You can work around the limitations I've pointed to here... You
messages via hidden services without pgp at all.. or you can create
per-recipient symmetric keys which you clearsign then encrypt with
hidden-recipient to each person you want to talk to, then symmetrically
encrypt your actual messages, and discard once a conversation is done.

But no one does, because it's hard, and some of PGP's downsides are subtle.
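
The per-recipient symmetric key workflow described in the message above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; the identities, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration with constructed identities in a throwaway keyring.
# Both parties share one keyring only so the demo is self-contained.
set -eu
ALICE=alice@example.invalid; BOB=bob@example.invalid

G() { gpg --batch --quiet --pinentry-mode loopback "$@"; }

setup() {
  GNUPGHOME=$(mktemp -d); export GNUPGHOME
  for id in "$ALICE" "$BOB"; do
    G --passphrase '' --quick-generate-key "$id" default default never
  done
}

# Sender: fresh per-recipient key, clearsigned, then encrypted so the packet
# carries no recipient key ID (--hidden-recipient).
wrap_key() {
  head -c 32 /dev/urandom | base64 > "$GNUPGHOME/conv.key"
  G -o "$GNUPGHOME/conv.asc" --local-user "$ALICE" --clearsign "$GNUPGHOME/conv.key"
  G -o "$GNUPGHOME/conv.gpg" --hidden-recipient "$BOB" --encrypt "$GNUPGHOME/conv.asc"
}

# Recipient: gpg tries each local secret key against the anonymous packet;
# the second --decrypt strips the clearsign armor and fails on a bad signature.
unwrap_key() {
  G -o "$GNUPGHOME/recv.asc" --decrypt "$GNUPGHOME/conv.gpg"
  G -o "$GNUPGHOME/recv.key" --decrypt "$GNUPGHOME/recv.asc"
}

# Messages use only the shared conversation key (stdin -> stdout).
seal()   { G --passphrase-file "$1" --cipher-algo AES256 --symmetric; }
unseal() { G --passphrase-file "$1" --decrypt; }

# End of conversation. The demo deletes the whole throwaway keyring; in real
# use only the conversation key files would be destroyed.
discard() { gpgconf --kill gpg-agent; rm -rf "$GNUPGHOME"; }

if [ "${1:-}" = demo ]; then
  setup; wrap_key; unwrap_key
  printf 'meet at noon\n' | seal "$GNUPGHOME/conv.key" | unseal "$GNUPGHOME/recv.key"
  discard
fi
```

Run it with the argument `demo` to see one message round-trip. The signature check accepts any key in the local keyring, so a real recipient would also confirm which key signed the conversation key.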


