Last night, I somehow managed to pull off the first ORG key signing event successfully!
We exchanged proofs of identity - the ostensible purpose of the event. And the ORG people spread the word about ORG to everyone who attended (and even at least one random person who came up and asked what we were doing), and we all had good discussions about digital rights and crypto.
One topic that came up was the one us cryptogeeks rarely worry about too much:
We know why we want communications to be encrypted and signed by default, where possible; having a system that prevents spoofing and forging messages is vital for advanced electronic banking systems, ensuring privacy against criminals and corrupt governments, and so on. But encrypting and signing wherever you can - rather than just when you need to - means that the encrypted traffic doesn't stand out. If only important messages are encrypted, then a snooper can filter out encrypted messages and focus resources on breaking them, confident of a juicy find inside. If everything is encrypted, then finding the interesting messages amongst the chaff is difficult; if they pick a random message and break it somehow, odds on it'll just be mundane chatter.
Also, using cryptography routinely would make communications technology actually live up to the expectations passed upon it. People naively assume that their messages can't be spoofed. Most people, if asked, will probably say that they realise people can read their messages, but they will routinely trust that a message is from who it claims to be from, or that a message will not be modified in transit, which are both easily exploited by attackers.
So we try and use the technology where we can. I mean, I personally don't routinely sign all my email messages. I'd like to, but the support for it in mail clients isn't great. Unless I can get
gpg-agent working on my Mac, I'd have to enter a passphrase for every email I send, too. And so on. I'm considering adding signing support to MSAD, where I give MSAD a special signing-only key I create with no passphrase on it (but which I have signed from my primary key) and have it sign all my emails automatically, but that will have to wait until I get time.
My key is mainly used for signing other people's keys, and signing my RDF description of myself (a feature which social networks like Facebook certainly inherently lack). I'd sign my blog posts, but that's not easy - I write them as Markdown text, but what you see on the blog is converted to HTML, wrapped in a template, and split into pages; you don't actually get to see the Markdown as written by me. I've been wondering about a WordPress plugin that adds a link to post pages that, when clicked, produces the underlying text of the entire post, which could then be wrapped in an ASCII-armored PGP signature, along with modifications to the display logic to strip out the signature when it's displayed as HTML, instead putting in the link to the 'raw' version. But I've not had time.
So if even cryptogeeks like me are hampered by the limitations of the available software, what hope is there for the general public to encrypt their communications by default?
There definitely needs to be work done. The infrastructure is all in place - GnuPG exists and works - but there really needs to be better integration and availability in consumer software.
So here's my proposal of how Apple should integrate it into OS X...
Pages: 1 2