On 2/20/12 7:55 PM, Steve wrote: > Hm, that was also bothering me with the other mails you wrote on > this topic earlier. It's already very late here, so bare with me I'm > taking this from remembrance. You said due to the fact that the world > is very big and web of trust not used much, it can't serve as a good > information tool since most likely the signatures will be from people > I don't know.
I think this is a mischaracterization of my position. My position is, "PKI is hard." We don't have any tools that can scale up to the size of the world. > I'm not so sure about that. Wonder why google called the grouping > feature in G+ "circle"? We communicate and behave and live in > circles. Circles that are increasingly separate from actual physical interaction. There are a lot of people in my circles I've never met before, which makes the problem of verifying their keys rather difficult. Social media will not solve the PKI problem. In many ways it makes it worse. Social media is predicated around the idea that you have given up your privacy and anonymity in exchange for being more connected to the social flow around you. Before Facebook, people who used encryption and other privacy technologies were looked at by the population at large as being kind of kooks. Now we're being looked at as if we're about to step off into the woods with Ted Kaczynski. The things that we value are increasingly out of step with the things our society values. And, you know, that's fine: there are *lots* of communities with values out of step with those of the larger society. But we should be cautious of thinking that we're going to wave a little crypto magic fairy dust and suddenly everyone will come to our side of the privacy fence: they won't, and it doesn't matter how good our Kool-Aid tastes. > Wouldn't that mean that actually the web of trust should work well? The question is not whether we think it should work well, but rather whether it *does* work well. It doesn't. > I think the web of trust is an awesome idea and again (as with > encryption in general) it's up to each and every human to make use > of those tools. As long as people have to make a conscious choice to use these tools, these tools will never become mainstream. > Isn't the big difference that OpenPGP is a decentralized concept > while S/MIME requires centralized infrastructure? Not really. S/MIME is as capable of decentralized behavior as OpenPGP. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users