| author | Owen Jacobson <owen.jacobson@grimoire.ca> | 2015-07-03 22:31:49 -0400 |
|---|---|---|
| committer | Owen Jacobson <owen.jacobson@grimoire.ca> | 2015-07-03 22:35:09 -0400 |
| commit | 76aed6ef732de38d82245b3d674f70bab30221e5 (patch) | |
| tree | d50e9a296d91ef8a49bcb29c3e80096f200a3c26 /.html/gpg | |
| parent | 92f66d3e3a0996bb1fad9dc83d7e184f92673e5d (diff) | |
Fuck it, serve the files directly.
Diffstat (limited to '.html/gpg')
| -rw-r--r-- | .html/gpg/_list.html | 92 |
| -rw-r--r-- | .html/gpg/cool.html | 146 |
| -rw-r--r-- | .html/gpg/index.html | 92 |
| -rw-r--r-- | .html/gpg/keys.html | 271 |
| -rw-r--r-- | .html/gpg/terrible.html | 198 |
5 files changed, 799 insertions, 0 deletions
diff --git a/.html/gpg/_list.html b/.html/gpg/_list.html new file mode 100644 index 0000000..8f54701 --- /dev/null +++ b/.html/gpg/_list.html @@ -0,0 +1,92 @@ +<!DOCTYPE html> +<html> +<head> + <title> + The Codex » + ls /gpg + </title> + + <link + rel='stylesheet' + type='text/css' + href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> + <link + rel="stylesheet" + type="text/css" + href="../media/css/reset.css"> + <link + rel="stylesheet" + type="text/css" + href="../media/css/grimoire.css"> +</head> +<body> + +<div id="shell"> + + <ol id="breadcrumbs"> + + <li class="crumb-0 not-last"> + + <a href="../">index</a> + + </li> + + <li class="crumb-1 not-last"> + + <a href="./">gpg</a> + + </li> + + <li class="crumb-2 last"> + + <span class="list-crumb">list</span> + + </li> + + </ol> + + + + <div id="listing"> + <h1><code>ls /gpg</code></h1> + + + + + <div id="pages"> + <h2>Pages</h2> + <ul> + + <li><a href="cool">GPG Is Pretty Cool</a></li> + + <li><a href="terrible">GPG Is Terrible</a></li> + + <li><a href="keys">GPG Keys</a></li> + + </ul> + </div> + + + + </div> + + + + + + + <div id="footer"> + <p> + + The Codex — + + Powered by <a href="http://markdoc.org/">Markdoc</a>. + +<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg">See this directory on Bitbucket</a>. + + </p> + </div> + +</div> +</body> +</html>
\ No newline at end of file diff --git a/.html/gpg/cool.html b/.html/gpg/cool.html new file mode 100644 index 0000000..528ce0c --- /dev/null +++ b/.html/gpg/cool.html 
@@ -0,0 +1,146 @@ +<!DOCTYPE html> +<html> +<head> + <title> + The Codex » + GPG Is Pretty Cool + </title> + + <link + rel='stylesheet' + type='text/css' + href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> + <link + rel="stylesheet" + type="text/css" + href="../media/css/reset.css"> + <link + rel="stylesheet" + type="text/css" + href="../media/css/grimoire.css"> +</head> +<body> + +<div id="shell"> + + <ol id="breadcrumbs"> + + <li class="crumb-0 not-last"> + + <a href="../">index</a> + + </li> + + <li class="crumb-1 not-last"> + + <a href="./">gpg</a> + + </li> + + <li class="crumb-2 last"> + + cool + + </li> + + </ol> + + + + <div id="article"> + <h1 id="gpg-is-pretty-cool">GPG Is Pretty Cool</h1> +<p>The GPG software suite is a pretty elegant cryptosystem. It provides:</p> +<ul> +<li> +<p>A standard, well-maintained set of tools for creating and storing keys, and + associating them with identities</p> +</li> +<li> +<p>A suite of reliable tools for encrypting, signing, decrypting, and + verifying data that can be easily assembled into any combination of + integrity checks, authenticity checks, and privacy management</p> +</li> +<li> +<p>A key distribution network that does not rely on hierarchal authority and + that can be bootstrapped from scratch quickly and easily</p> +</li> +</ul> +<p>While GPG <a href="terrible">sucks in a number of important ways</a>, it's also the best +tool we have right now for restoring privacy to private correspondance over +the internet.</p> +<h2 id="code-signing">Code Signing</h2> +<p>Pretty much every Linux distribution relies on GPG for code signing. 
Rather +than using GPG's web-of-trust model for key distribution, however, code +signing with GPG usually creates a hierarchal PKI so that the root keys can +be shipped with the operating system.</p> +<p>This works shockingly well, and support for GPG is extremely well integrated +into common package management systems such as apt and yum.</p> +<h2 id="source-control">Source Control</h2> +<p>Which is basically code signing, admittedly, but even Git's support for GPG +is basically great. Tools like Fossil embed it even deeper, and work quite +well.</p> +<h2 id="email">Email</h2> +<p>GPG's integration with email is surprisingly clever, follows a number of +long-standing best practices for extending email, and does a <em>very</em> good job +of providing some guarantees that make sense in a not-terribly-long-ago view +of email as a communications medium. In particular, if</p> +<ul> +<li>who you talk to is not a secret, and</li> +<li>what, broadly, you are talking about is not a secret, but</li> +<li>the specifics of the discussion <em>are</em> a secret, and</li> +<li>all participants are using GPG on their own mailers</li> +</ul> +<p>then GPG works brilliantly and modern GPG integration is very effective.</p> +<p>These assumptions pretty accurately reflect the majority of email use up +through the late 90s and early 2000s: technical or personal correspondence +between known acquaintences.</p> +<p>The internet has moved on from email for casual correspondence, but that +doesn't invalidate the elegance of GPG's integration for GPG users.</p> +<h2 id="distributed-verification">Distributed Verification</h2> +<p>Even though GPG's trust model has some serious privacy costs and concerns, it +works as a great proof of concept for CA-free identity management. 
That's +huge: centralized CAs have even more onerous costs and worse risks than GPG's +trust network, while offering less transparency to help offset those costs.</p> +<p>Others have written some pretty interesting things on how to improve GPG's +trust model and make it less succeptible to errors or key leaks by +small-to-middling numbers of participants. <a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">This +post</a> +to tor-talk last year is probably the most complete.</p> + </div> + + + +<div id="comments"> +<div id="disqus_thread"></div> +<script type="text/javascript"> + /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ + var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname + + /* * * DON'T EDIT BELOW THIS LINE * * */ + (function() { + var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; + dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; + (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); + })(); +</script> +<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> +<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> +</div> + + + + <div id="footer"> + <p> + + The Codex — + + Powered by <a href="http://markdoc.org/">Markdoc</a>. + +<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/cool.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/cool.md">history</a>). + + </p> + </div> + +</div> +</body> +</html>
\ No newline at end of file diff --git a/.html/gpg/index.html b/.html/gpg/index.html new file mode 100644 index 0000000..8f54701 --- /dev/null +++ b/.html/gpg/index.html @@ -0,0 +1,92 @@ +<!DOCTYPE html> +<html> +<head> + <title> + The Codex » + ls /gpg + </title> + + <link + rel='stylesheet' + type='text/css' + href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> + <link + rel="stylesheet" + type="text/css" + href="../media/css/reset.css"> + <link + rel="stylesheet" + type="text/css" + href="../media/css/grimoire.css"> +</head> +<body> + +<div id="shell"> + + <ol id="breadcrumbs"> + + <li class="crumb-0 not-last"> + + <a href="../">index</a> + + </li> + + <li class="crumb-1 not-last"> + + <a href="./">gpg</a> + + </li> + + <li class="crumb-2 last"> + + <span class="list-crumb">list</span> + + </li> + + </ol> + + + + <div id="listing"> + <h1><code>ls /gpg</code></h1> + + + + + <div id="pages"> + <h2>Pages</h2> + <ul> + + <li><a href="cool">GPG Is Pretty Cool</a></li> + + <li><a href="terrible">GPG Is Terrible</a></li> + + <li><a href="keys">GPG Keys</a></li> + + </ul> + </div> + + + + </div> + + + + + + + <div id="footer"> + <p> + + The Codex — + + Powered by <a href="http://markdoc.org/">Markdoc</a>. + +<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg">See this directory on Bitbucket</a>. + + </p> + </div> + +</div> +</body> +</html>
\ No newline at end of file diff --git a/.html/gpg/keys.html b/.html/gpg/keys.html new file mode 100644 index 0000000..9fe112b --- /dev/null +++ b/.html/gpg/keys.html 
@@ -0,0 +1,271 @@ +<!DOCTYPE html> +<html> +<head> + <title> + The Codex » + GPG Keys + </title> + + <link + rel='stylesheet' + type='text/css' + href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> + <link + rel="stylesheet" + type="text/css" + href="../media/css/reset.css"> + <link + rel="stylesheet" + type="text/css" + href="../media/css/grimoire.css"> +</head> +<body> + +<div id="shell"> + + <ol id="breadcrumbs"> + + <li class="crumb-0 not-last"> + + <a href="../">index</a> + + </li> + + <li class="crumb-1 not-last"> + + <a href="./">gpg</a> + + </li> + + <li class="crumb-2 last"> + + keys + + </li> + + </ol> + + + + <div id="article"> + <h1 id="gpg-keys">GPG Keys</h1> +<p>If you've read <a href="terrible">GPG Is Terrible</a> and <a href="cool">GPG Is Pretty Cool</a>, +and their references, and for some reason still feel the need to use GPG, my +key fingerprint is <code>77BD C4F1 6EFD 607E 85AA B639 5023 2991 F10D FFD0</code>. The +key itself is below.</p> +<pre><code>-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFOWElgBCADSFR0SmdJX5yOFjejxTpjdyc2UwjglM4WqFNne7C9rYkbLGj8U +y6aVdLop4kFdiZrtuAyJrZnKawZglMar6erBgoNXe3vrbEzopPI1Uev/kY7UHSR+ +dA8EYw50/FOvDYlrJxntvIEfNYskIvhS+c8Y0HSrK9VnKfkfi7hYJP+93sqP/4Lz +oCnCWQCJSOaOdpora241/bsEU7w8MCiexCdm2NaPc6q445K5XAO5CoLkTwcJxJHM +xbPH7prSgqdDz5Y00hUDqm+ByLCMVyAFu4/6sEMWZMaOIIEh0a/kpD+xJVkXKszh +5SsLNZ5oADj9DWHvFoemj1gOixzYlEMdqL3PABEBAAG0KU93ZW4gSmFjb2Jzb24g +PG93ZW4uamFjb2Jzb25AZ3JpbW9pcmUuY2E+iQEcBBMBCgAGBQJT8kqMAAoJENKx +mZ8cUdIj7jIIAIamt/VdAr9BB835knMQ48QQaqQr1KrpvL8QCMWen/lcgMBz5FSM +ZmPImroQKakjKqNbJV5OLKOZGQxNNGxOSP6WSbUEDCiP1J4XddTCogPH2ePL0g+y +YjoaO24uY6VIjNaY9plf8DQqD3gkcZBX0QjVT+q3MxvhFG8Ox4S+kXDV5qYXDLiB +PZM1Jv1PDY777Ml6J1Zv4z5oveaKVZfCjdJ7h00QQ+nnKBWIeE4rqqNwtCnM0SoX +T5zlogZKdCK9mTFzmTMaVmASjYO7xWhIy3bSy2Ke/cyCup2zdc/IhLJio4D/2HRm +DURsMj8MhIJN4eJymtGw2VQYB300k0cSUWuJAUAEEwEKACoCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4ACGQEFAlR9+1UFCQHjt30ACgkQUCMpkfEN/9AnYwgAju6I 
+dWaWEdujxXJS+d2I2bsfraoxu0wlltlX4Z5MDh8h2OAV90fQKJTXx4mSzYgmGL0v +/2RMnBciSQWskmpHMBGY+dLi0uIb5WOeqttUoLMyq/L7ENhCksKgI/g6RqWCM7+W +M6LjA09GcCLZMSpZ2xpDyjibtJh4WaO+h+JT6O0UonhMszGgeUf4UH5zIvmkA+Su +b4mG8tQtBwqEjikXhMsOa27dWj+f+c0Oth3WwFBTfbucw0aSkwDC3L9geyKInJGZ +W2IC5f7gXJ8MID/aDKNrAOLRGJpqv7d+LZhtyNx6MUh+mNmwplYytEmqdmz2fWss +l+8arRPUbjA5QdQlH4kCHAQSAQIABgUCU5nlmQAKCRAaK96qaP2zTPShEACNaECa +WC4qUT+5SJsVPU3skeWd+jp7FVk1P2+IU6pIbB65F04Q+vDbYPR6WVjtuqoxLd5D +QYcTsUlOE7k1LQlel3FU/8PH0QfhOw6/VMnFpprYns9QISQVuvQUHgl6kWMh2CiJ +cBB0XQnd7DwRfdR79sOr6UHNBZGYbcKjgq67qq2H7oGuBfzAihYx0ZaJPBGb2QC9 +Efy2xYnEKWHaeI5FpjjcaZKftAe7kDL9T0zMdEicH5txbYNDVB5gBNyhhHakBakl +phb2rnnbtwsk4pEaPYq/eNxwv/VcJypySlRk+eCCHDlWUhbgRlmr4600EdFNnmCF +y3rA4nYX9kLu/JYzBwj4VCNkJYDyTCdSCnv8zoLJ/bBFWUEmX0Pvz6gIEQ2Tr5D6 +4t3dn4fIHcdDXAyZb4xj0jJoG+ebDp9uezm1/KFQo7N45yYvWXZGhM515YQZ09nU +KTgjE1v5H5NThEsw8pn0a6mi+mcHq/V8Au5/EQwh/Ch2KEquQ/MSjCsGOoJOgQTc ++XrzmhUkd2ukxVPXvXE8G+/khT+RRGs6Fttc7b8op/TuTdZCKK+xskyAzmAfc7BB +RbxVckQs77B3sFJgzgFpxNOuHwVkJN0ZQSTe84DVN80b8JGXrnuCf9EYQiAF4Vw9 +JVorLLif999+JZ3wlGqDTWqeUtElzZfP38ftmYkBHAQQAQIABgUCVMx03gAKCRBg +rwNo53dYqIvXB/9jGFivwG+s0tMdYB1HJ6OdxRu5cOnBRZNwxJP14VQ0dQlW+Ypv +cQu0iVb0hA3L/80fw4rx1ul5yrxS6chUUcC1Kz7hIapWa2uMluUZYAfvGTutZ9g1 +uRJzW8+DkMYNowc4wpuprAZqxhcMbjcSomhROBphl7o8kcrn2eNbCIkV/oEE/8Yi +e01vrDaBsqbH0PcHlP0WK05dswF7VYZLOa7RzUnTXTRRewE5XwzOgBDMWigRWlJv +wtcgAXUTTzH68G8gmN5TZVw5MMwrKOSfAOLQ0H+R/sdfK/zqLUrTkt//Rdyedh4s +urNJxtbFgHhv3izZx4gUBkmZzgKbPXqhGfqjtCZPd2VuIEphY29ic29uIDxhbmdy +eWJhbGRndXlAZ21haWwuY29tPokBHAQTAQoABgUCU/JKmAAKCRDSsZmfHFHSI2n1 +CACDZwumtVBJ6eGS6rySvj+lgH0HDX0KpdL/I0a3N7a/G/xGgJLBdn/vBaSNnvr8 +jAbdUXKMTMbd3Y0VxDFFS0u9lbiryjaljCaNFydXK+auY4HzE0PoOfTb5iPMyfXt +O3e+CmyAfhP5Q5Tz+HP8gWhi1IvC1UGbfe0VTepUgssw02WHEb8zZ3rOvDpCBFdX +YUvwbw1lkUyvlrc3hBGsOrWqIqlRO8TR2tgZakThkfgVIZi+ZfZKfmSgHzjnb/xM +XF7hT/qdCkcSklxSGUTP434nxwVhhr1dEQYP+soaMliusuBO05wJoxQvtav9FGNd +tteAi24RT+aT9JYQ2UtBXxMYiQE9BBMBCgAnAhsDBQsJCAcDBRUKCQgLBRYCAwEA 
+Ah4BAheABQJUfftaBQkB47d9AAoJEFAjKZHxDf/QLzAH/1r5JGeD7jf5+vMKNyLj +DXcnbALFe1XyD2tXNQSsj2SDKL3FQmzpFuL5O2XXk6xbCGja2daaDyWvo/FMYg9t +a1DEmPxeWhiFjb1faxya5OA7Be+wqEf7184AK0wO2iTS8ZydOYiibaPBkIC7LPSK +TPFOHuB0OMKBfAyhRe0z404yxX9DoArU6MsBdxndLdgG0Z5s8EzBme+TsV5Y/cNt ++zx0a/+N3CdFZw5eyNM+bzsO/OiSxma9k4rSqMSm/whuiGydRwefufXwJZPITfPB +o0itsZ+r7HBiBY6QR+qqiRjwWGqA6DPuOSRwdObM7XNMc2kvRg4P5w+UPH+y6VPe +C9yJAhwEEgECAAYFAlOZ5aYACgkQGiveqmj9s0z0Fg//cnnBLqytM02vmj7ltvJe +EjdOjwooa8TXGLnkjWqdRtzPCPsCeUWuIJyvsoJDxv5eGkI3MRD5b+2JxE2C+iU6 +NKWE1tbaPnvVn61RgLvi2mDo2j5nHa/AfrLubONWFydwZTc5tsNFvURr7zGWIoac +G01YApHu0JpmUkrZA2nnW/lpPo/1cHVFqvWge5jnJ/4ZBpEhnFedfRe9DYnpKQvs +r/EzZtkCklrL3LjnrrdSg2id29VBWWyG6/SvEl2l53c2Cejo2DNrWBhr1PLslHhr +l2g19xqlf5h+jeqqeLXSzEbEaAJWhH+uk8xHGfrEQ68jWnS1Dd+aSq/6A/MCIV85 +8b/NamZ+RX6qwGs21f9WXZHEhGCcSiQFHr7vK5YjzpirTt1giZFmQ30duPNB3SsQ +6MwNWFz4cXtOiSSUE0bJyjNoNDMOh7jPsnbJEfNM5eKzUPRZvk6fMqsCIvPc5JUt +JOvhSPdrvK7SREDgze79u51sf2sZ79yZ9ryNrCHsnu2heQxnC5PgTTXXULg93I+a +AHPIgVOk4SG+/bpluOpou0M+teAqvUHtaKVv6+EIebkAhgVpH50EvxMgI2N9ivU7 +SW6hAz1FbPOEZAd2uJhs95AbkUxJPG5ETEAy5JOBdmX2BlJ91PVDt+jF7QB/NH57 +y7Or49b0dietE1YsqvyH8fOJARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKjK7Qf9 +EXsoNPndlKjUkzxRe3zFZ+rQmqjI9mz9VQrsoFsYctDvCIel//ScsG3pQT+9Jmp2 +j7a/HhrxDwTdOdWR2za7DdfIM4XtaiVFwboltFx9l9a1X5u+1xUgv7xi9+GHIHxf +T5FOI/Bquamu6S87o/kYXq6d7ek1nfrsveEfzpCzI9jpiovy1KgupGR1w7dKIOvA +aqWDcwRM//zvuZudeXziGjGcrGoNL/FQbtVP8haC6ESVugEZcuppV90AbJ9i/syb +mNx5O0/7FDuLAYtEUbzeMmZhe7OA4FjwlowXi+mYYy+76jbIGq0maaU5h9vIS1g4 +6Tl1lrIsDubHwe/5LGtsTbQtT3dlbiBKYWNvYnNvbiA8b3dlbi5qYWNvYnNvbkB1 +bnJlYXNvbmVudC5jb20+iQEcBBMBCgAGBQJT8kuKAAoJENKxmZ8cUdIjD8gH/iGs +DAt4tyVOm6zVVyHlo0nggFJTC9dJsaJH+P8K9OIrWlRE461bXHGmiL13KjNaSPyo ++XFz8rq5aK/rEWwHnZWX6PnyLtCaoTbKdB7LvEOhZpacDGrY7fKBdekwzszVzqCL +s8cBwYRPrUnD0OYPt72qGCMtLaZ3w1Q4dZS8rv5i9LxszUmRwZ407P6r8B5uE5Vm +mZkJf3Fdme+th4hxG1jsqh9rXBLIlGZnhIXC0Llovgj6bLsMvtpKlC6qHj07+7rH +GWnz75xvJ6PnKnhxLgJoEzrn0WMaXCyYADTLiLgJr/X+cFkF1/Al6Yx9VbwIWgA1 
+uXFRAZTlCRa1Avja1xuJAT0EEwEKACcCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC +F4AFAlR9+1oFCQHjt30ACgkQUCMpkfEN/9AvfwgAhIKjmchMT5JqBdW9k2LyiOTA +Iipw5C6UbiAOSWJ+QXzXEwizQIY+0W9xJeID4UCrainfcfS7C07sfL24sx2bDxfE +di1J2gqu4imtVT8nclXGUancYa7RaWAaqefAKpFUASct2njcIPLCN3HQN09BNVml +iZ5cbHRSKKc3Eg+yIlIcHRczV5tJnpxzTN0swkHCBNYqWmIq0DTZlg24m7eijYpO +Sfru304lDbr6psgvPdjr42uBZcTrwqJfXQdw71/JPRbjPVexJfCahFfISZgCaWIK +thD1bxKRnHs3xLjwUUDl0156mLeGw6ZvGVssRhkWexyONytWAahXWtHzgFByGYkC +HAQSAQIABgUCU5nlpgAKCRAaK96qaP2zTJHXEAChvXef4fRUUIRAZi/pJaX5yexb +IgVfGB9+EBbKwJc/Bj58BUXANdIAIUer85gTkqtxjWGbIuUnABgRcHT6x8BgY3Dk +yAbZZ57r9CxXEnAmzUZFFrSzdIK3yDQbON+Z0zfvozME4OiOP+B8s5uU3jGhzkXZ +32IBCctfGGgqOfdz58HU/DuDBBOI9z5QRZfgn53xzJXJIIOvuGZMFUr/NqvtUqUq +EWJWb0rzvbtTzgYS4hv9vtpMj89UWSf5t+0Rikgo9tTgQoIr1y7jLn1B3JQNzJG3 +ngFNUKuBaR6U683MlR2IXsdv3ysUhkPZj+7+Z5ibTzx6V9DnYaKJ9ZkjqVR4Jmdo +025CDoKuXaCWU5tsAhUxLTi+aGfvgt6cZ1+yy3ICvGbs51cQaaoYnRd4fQtMjWDp +Rm0Cctr1ShVJb/8XlsbLMnkeOSuIlofQfcIbbktl33fMe3tc+dzGTG26YM9Oss9X +dB0oew8MLglpz8o28fBEVCkKolW1aKRftUpGiv/qjH8+URdo3XIxnKuzDxTRI63n +SXPvs9jgPPKnx/Pgbiw2hsEtTQDbvOPRU+32XEnIb557I7nwcMmKCrw0K1AgICz4 +6lGAj/O/IQr7dfS02pmpEItcEwXRr91UzHf3k/kHG46rQX2DF4koXodgy+rDKtDg +oCRrhh7P8Az0DOMph4kBHAQQAQIABgUCVMx03gAKCRBgrwNo53dYqJspB/9z9dG4 +xsHJ0VtaJwqR15fWvhLHnQHuMXlmS340/czebCuJDXwVuhUMRVURBgbTvIieAWhg +dO/xyUeRsbAaMQL38wKM5le1NmY1M9QiryVaJaz23oPQlb1WE8NdIOX28Oz8Iug0 +WjaU1H/ZPTbGO7traUyXfpd/Opha3DGnxzap9mnZMLVMTT97Kj+wbRrDwfHw3sg8 +9VlqKkaQJ0sAhGxAzkyBKf+8V63pE3i8ZHTfG36ot5ssUIX+pKeA1ROhmNeHQ9et +rgBvTSsdXzF5WgegkvgFwjeJ3/d9HFWCZMg/8lJvcLE9GvvAKWh55Vs+6dAXBZo4 +bqTkxeEOd5Bu1asYtCtPd2VuIEphY29ic29uIDxodHRwOi8vdHdpdHRlci5jb20v +ZGVyc3Bpbnk+iQE9BBMBCgAnBQJUv/G4AhsDBQkB47d9BQsJCAcDBRUKCQgLBRYC +AwEAAh4BAheAAAoJEFAjKZHxDf/QytgH/i4C6rgXMr1xR+3PPqO/ruWukA+rs9LP +Kfh/M2fcvPnDFcyDmpP2okL0En0c3HrPMx4983EtMK+10eTxf2nwZfiyId+ze5K2 +lzZmIBEjDfrUon3ls7E3MuRXoqVKhnhywalLynqzE0atFcA9wW6TR0yd/7Q/FWHt +4r2vNsP7BURUh2BSJ5FZuEK2iJojHIz+dyZURPUE8U9wAFAB0ddwOgcSM85SCNIP 
+UNnGU39VVWWrYf1xMDgzYrfX9mlw/6EES1qL7JU/SDlUX584NJuJ5aHZv2r1bglW +4o9oW7xORb4ABfel4ATuk6MsbJVf1p3EsLlJ87KW3+KEynQN/Ku8MLuJAhwEEgEC +AAYFAlTGi1AACgkQGiveqmj9s0xeEg/+N8kWlLNd7LxWR5WQF3MQl1QdJm2Z/pox +xCIQIyqKoeOHfS+NkyFK0E0MKtXR9PHNARxgr2eCFtDV55bjPgQMJTGO1aLOmoDj +/cXIWiMV52d1Ijw07fZtFGBa/+FsySxzyEe1h8ika/lsfnw0m42UP7IgXezhaZQV +TwFXfglbjc98XYswIwtprtj+AuZKIR6ig7XveF17bjJkXmOiaYSBDPHxVN2vUaQS +aLJlaFOtUNn+NioN6HWNUSzuDPVWy9ck3qMj6CgyrGdlGGdqoQHxNN7RLxCywnHP +KfzWwdX+7asO5dMcMwnHxUHJ+3pVm0myr56Lveica3VAg70N8u99xXCV3Vdx2htu +0gtz2GlfJQeKuSEGPU+gdK86XFNGV8JM/y0OR4GrTnApsmX/FGgcQZynbBJ2/8UH +6WA29Lffp+/pz0jilj3hwSsK6wwPN49/m9qszoOPyT8WJhDt0Vj6YA64N8NOzKLq +XZa4MwnaCZiChjjCPrmElQPcR4RQZwAhm0t+8uw1/6hyZkjHJ5uO/7LsEgxwYCU/ +idqTSf3DQMcvk4MEaWuDwRZ3Nm6tj+F2oaqkqT1LcyB4OYa2PKpgxvLDwSNFmG75 +d7uXJHbAlg6t9ysmWkxah7/L8eNsmU32eXFuNP6detR7zCOLYARaTLe2CWOF0OI/ +8nSng+hSUf+JARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKg2BAf/Qn0BNlGfhL/f +YcTYWgTRkehVBXRaQ/hSjrdcyfMc4IXPeSXrZ8WZUi4QHLauFx1XtKTzVPWx8ggU +reZPo50wwev1N/iOPvQhh8Q+Y0SNHY1S824AHDjDnLp7+XuBX/oYArtxorUufdxA +G6jtkSabUm1ucGGs6ccF+UXs4E/NMiVkXfP1GCCm+Upgwhunk/9Mr6BaSJKZLYK3 +3NdwmiNlMLSnVxXBaZHzs/dLdqRKZF11fkRfBWpBaIUjOMEwjuHakoUmDONeDmv7 ++DlK46V2jIL2r6f+39XeAsnxvCF5mNJGPGnMMtaEuCqMcDbdQMnZdRE3rqLGQE43 +BPvwCDXvArQjT3dlbiBKYWNvYnNvbiA8aHR0cDovL2dyaW1vaXJlLmNhLz6JAT0E +EwEKACcFAlS/8c8CGwMFCQHjt30FCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ +UCMpkfEN/9AG0wf+O39YDA32Qrx9VqpKeJhx/m/s6kaux7cDPZmehMQOCts5UAZi +oXZyDYUWcpHSZJEcmzUnKYO/8xAJSLUQvmVvcEUg2mQ72Xs4OsFta2DMw3tue3OY +ZZZfhUqkG/zoUGAVYZz3hhTbvTaUMbnVrm1GiRhdAFVrnzSh/AxMV+krB1c0O8h+ +ses2Yk4L1edBVxMqqwzjGBupI/q1NXTnkwXZ7+gBG8XlapuQ309Sa+ufk8W/bo4T +Q92ZOQReM1b4IdwCX4IwPinT0KAQ0eqVRNCsFYy7KuvkxUoqhHWFXia9QSeuY8E7 +1m59xt4rIiUcEn2i+CWYpydPy6zLTBtqCYY1ookCHAQSAQIABgUCVMaLRgAKCRAa +K96qaP2zTBqkD/9VkcEyaeYkYrU34oaeWfOR93MZS4DEBIsKjUD0QVTvVb0CLXRU ++92POUCSQlqhv9nF4emrLCjDQTXgW/TmM6gl9UTDGsWMpmfIuTlJcQHGkqhXKN/i +Egb0Xkutt+q6tnvpgX1lWOBGO6upmVqnQYRcKVdfkArmD3tGoaIZsb/vWOgp4OGY 
+DvGYpuaasdkLaBFGPGYEuyofkgrU8ssO4xq9SdGUOhgAkFrl78iTXIpe5VTOy3Lo +VwWSUv10JKK3Yz+LxlYDUTiXKFm/mkvV6NhZMDMsCyXPJcsGZlpP7fT2JrJJ5Akf +PMw+6FXTuY54hBtZEze+ukrnhXd8QV7e149UYpMT+9OHYysLRmQ7//2HUsPGwlvQ +zVTzee2D/LTtFUiwt2b6aU/7yvJRTraqCaZlotOuPM5ZlimbPUTsqahP46Y7NNx/ +oE/vcEAJu+C2r48gcLmf6g9IK5WUEsX8ZcSY/UhTECsMOqQUqmuNRRaqvujLV22V +5oMKHDb8fzG0Cbgm/qP5o5RpAgCG7iL/xeKfi7XZJ582wpIoV4JJrGjVrzgK0Ljf +/xntdCL/2hUbxM93+djJFWIaqerAkbzEYznt+N/ZCqSApiDwedukyiJkCPm0Zz1D +owd29g3SJsUDzroaSAEMRYkMH8EdFeOJFcmrMjQhQJIEypdZ5Ll3JK1v0YkBHAQQ +AQIABgUCVMx03gAKCRBgrwNo53dYqJfTB/wPZvD8enoGEU4ZeXTXYQ53wYqYF13F +JNikrmj8Ze+IsYuZprXJKzLRkL2DnbdNW91BudibPJo0DeLiyXGA8pw2IGCllfkp +a6ZtxalPJWJLAbiOmXzui/HJ2Md1tnSDGfKCZ6MiaQQ0ceKoqOhPP7d3Vtcc5uQk +zSYQu6SqKmCrjicnu+hWKAT9Iy21wvBCLJkYMit/Bzue7NRV+PwYLdD24ZXwKfny +P9I33gcxEMIeG6L042NVUY1vsySYrcXRsXyIvYvd2CH1FqQY1GPTcUEQbQH21v5z +/PtgYv/UCckRJvEJUDE8DCF168FnflVB1ZHLmFNCrcLlrSKwydmuzNIUtCJPd2Vu +IEphY29ic29uIDxkZXJzcGlueUBnbWFpbC5jb20+iQE9BBMBCgAnBQJUyqInAhsD +BQkB47d9BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFAjKZHxDf/Q5+8H/2kX +yOTkDbO2Ik6oH149341k8GiLPiMMSj0WS8OBquBc3Hi+Upr2jOvl5KljkPU3qshb +O2ry6yLWFC38C3PjIRdBYpUfoUVKAoVRaTUMuO7RGgZuMzQFajMM+dcDZxRsfFoW +aInjFDxlwqFwF+AAvT9rsK/3t/MF9WdM6B+XhEsApY0zu6xdT8eXM08y3iVoYHbD +hVs1/czc3qBhG3IJGI1N7dU+fHDpdQSYf8zCifgLGridPQDkqAeLQE6QtoIw/r+I +NeYuCnl+zrGdlF7yyWlQUGulGUF4XRDt50WIIzAhtrCeVwdV5/EkGmXyA17KU3EP +KrBWUu00itxZyKljSIqJARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKhmNggAlyWL +vhQdffZpuhL0Wd7Kyz8hB0WxXABQr03WCwtzCY5d+SwvjpI7RvHVRxOLcz6CISXT +DTVVQXzcYXyENSQSxqiRUEaOl4dlnGXQx/h6KVQ4akBu/hLo/nz5vfiN0YPqa98G +tT2J1SL0wRX6w6KtMqONmThKoiVYpbl39vjf4PvGzmptUvMSFlq7xHUQ0KGyfya9 +ZdLOZwqmhonwIdL8MIXAZqFpIXaP9az8IX9ecr9Kq02U7P9hNlrM9G8QiSdCEfss +JS3YPQRso0NjEFdKIyTKwl+hWYyvMJqtRyM6XIi8gbUSIu5GvqZqMkRN8beiRcfg +2glvXeccQtoLeK7NF7kBDQRTlhJYAQgA16Y1Y1+c7RmV5cpPRr8kn7kp8ecsow6Y +5A2IFN6kx+cNrkzH0TbEswLTwUQEmYEJfNmBwEy3LJER4IV5MRMZmEwdbwAu/2k7 +DolcNvfeIhbQtWtNq9EuI5meEeQTFf5Lpo4OqcCyPtMy7jE+1bs0f415SMuRZgWE 
+btecQNst8BNSV73CGNtatIa535hN2RN4IjiujOs5iDR7U2KNeEe0xfBxOG3JKqJD +Q9JAKWGE9qY4ZiGQjX9YC/4QOwT+jZQZJHZgL86Sdq07x/d9QA2r6ZGK4kpu1zEf +ABO+oMUSG+7M5Rqdgf5QOlNEbRT/PocAH4NIbg5JW+VNqgd9n8E+/QARAQABiQEf +BBgBCgAJAhsMBQJUq17dAAoJEFAjKZHxDf/Q7CIH/2WmlrHQKycRSoLTjav6PXWq +7Zt2XyvVa+TbgXy/xtvUYhRJLlVSNM8Fux6xnW5ndwwoV41yYKLTdTOkZD3GF8GB +k01xwThp5T+Xex9jzo97UdMnIrBc8uQSM3LUdH/aivQLQW2cElTQ1EiGA+ytMpHG +kCbMHm0ZL0ATSuYEJB8ngTl3a3nCUXNH3eDAYaSwCAxtR/97E/VbT8VRdIIuwj74 ++8mQwbK0xMJwk3rX3DU5KA7KeRXxrV/pvrrMJpVEVzviHYCdRpna2OEFx7fGTSEv +5TR10QF6ZmN/hqnihFFDzFM9lOhaAfB1/u7WgYK+KzCTQETvdxYIccjQvryc4E4= +=EdOy +-----END PGP PUBLIC KEY BLOCK----- +</code></pre> + </div> + + + +<div id="comments"> +<div id="disqus_thread"></div> +<script type="text/javascript"> + /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ + var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname + + /* * * DON'T EDIT BELOW THIS LINE * * */ + (function() { + var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; + dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; + (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); + })(); +</script> +<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> +<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> +</div> + + + + <div id="footer"> + <p> + + The Codex — + + Powered by <a href="http://markdoc.org/">Markdoc</a>. + +<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/keys.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/keys.md">history</a>). + + </p> + </div> + +</div> +</body> +</html>
\ No newline at end of file diff --git a/.html/gpg/terrible.html b/.html/gpg/terrible.html new file mode 100644 index 0000000..59f4afb --- /dev/null +++ b/.html/gpg/terrible.html 
@@ -0,0 +1,198 @@ +<!DOCTYPE html> +<html> +<head> + <title> + The Codex » + GPG Is Terrible + </title> + + <link + rel='stylesheet' + type='text/css' + href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> + <link + rel="stylesheet" + type="text/css" + href="../media/css/reset.css"> + <link + rel="stylesheet" + type="text/css" + href="../media/css/grimoire.css"> +</head> +<body> + +<div id="shell"> + + <ol id="breadcrumbs"> + + <li class="crumb-0 not-last"> + + <a href="../">index</a> + + </li> + + <li class="crumb-1 not-last"> + + <a href="./">gpg</a> + + </li> + + <li class="crumb-2 last"> + + terrible + + </li> + + </ol> + + + + <div id="article"> + <h1 id="gpg-is-terrible">GPG Is Terrible</h1> +<p>A discussion at work reminded me that I hadn't looked at the state of the art +for email and communications security in a while. Turns out the options +haven't changed much: S/MIME, which relies on x.509 PKI and is therefore +unusable unless you want to pay for a certificate from someone with lots of +incentives to screw you, or GPG.</p> +<p>S/MIME in the wild is a total non-starter. GPG, on the other hand, is merely +really, <em>really</em> bad.</p> +<p>(You may want to take this with a side of <a href="cool">the other perspective</a>.)</p> +<h2 id="body-security-and-nothing-else">Body Security And Nothing Else</h2> +<p>GPG encrypts and signs email message bodies. That's it, that's all it does +when integrated with email. Email messages contain lots of other useful, +potentially sensitive data: the subject line, for example. GPG still exposes +all of the headers for the world to see, and conversely does nothing to +detect or prevent header tampering by idiot mailers.</p> +<p>(Yes. Signed headers <em>would</em> mean that mailing lists can no longer inject +<code>[listname]</code> crud into your messages. Feature, not bug; we should be, and in +many cases already are, storing that in a header of its own, not littering +the subject line. 
We also need to keep improving mail tooling, to better +handle those headers.)</p> +<p>In return for doing about half of its One Job, GPG demands a <em>lot</em> from its +users.</p> +<h2 id="the-real-name-policy">The Real Name Policy</h2> +<p>The GPG community has a massive “legal names” fixation. <a href="http://cryptnet.net/fdp/crypto/keysigning_party/en/extra/signing_policy.html">Widespread GPG +documentation</a>, +and years of community inertia, stand behind expecting people to put their +legal name in their GPG key, and conversely expecting people to verify the +identity in a GPG key (generally by checking government ID) before signing it.</p> +<p>As the <a href="http://www.jwz.org/blog/2011/08/nym-wars/">#nymwars</a> folks can tell +you, this policy is harmful and limiting. There are good theoretical reasons +to validate <em>an</em> identity before using its keys to secure messages, but legal +identities can be anywhere from awkward to dangerous to use.</p> +<p>GPG does not <em>technically</em> restrict users from creating autonymous keys, but +the community at large discourages their use unless they can be traced back +to some legal identity. Autonyms keys tend to go unsigned by any other key, +cutting them off from the GPG trust network's validation effect.</p> +<p>As <a href="https://twitter.com/wlonk/">@wlonk</a> put it:</p> +<blockquote> +<p>I care about communicating with the coherent theory of mind behind @so-and-so.</p> +</blockquote> +<h2 id="issuing-identities">Issuing Identities</h2> +<p>GPG makes issuing new identities simultaneously too easy and too hard for users. +It's hard, because the <em>only</em> way to issue a new identity on an existing key +(and thus associated with and able to share correspondence with an existing +identity) requires that the user have access to their personal root key. There's +no way to create ad-hoc identities and bind them after the fact, making it hard +to implement opportunistic tools. 
(OTR's on-demand key generation fails to the +opposite extreme.) It's easy, because there's no mechanism beyond the web of +trust itself to vet newly-created keys or identities; the GPG community +compounds this by demanding that everyone carefully vet legal identities, making +it <em>very</em> time-consuming to deploy a new name.</p> +<h2 id="finding-paul-revere">Finding Paul Revere</h2> +<p>It turns out autonymity in GPG would be pretty fragile even if GPG's user +community <em>didn't</em> insist on puncturing it at every opportunity, since GPG +irrevocably publishes the social graph of its users to every keyserver they +use. You don't even have to publish it yourself; anyone who has a copy of +your public key can upload a copy for you, revealing to the world the +identities of everyone who knows you well enough to sign your key, and when +they signed it.</p> +<p>A lot of people can be meaningfully identified by that information alone, +even without publishing their personal identity.</p> +<h2 id="the-web-of-vulnerable-cas">The Web Of Vulnerable CAs</h2> +<p>Each GPG user is also a unilateral signing authority. GPG's trust model means +that a compromised key can be used to confer validity onto <em>any</em> other key, +compromising potentially many other users by causing them to trust +illegitimate keys. GPG assumes everyone will be constantly on watch for +unusual signing activity, and perfectly aware of the safety of their own keys +at all times.</p> +<p>Given that the GPG signature graph is largely public, it should be possible to +moderate signatures using clique analysis, limiting the impact of a trusted +party who signs inauthentic identities. 
Unfortunately, GPG makes it challenging +to implement this by providing almost no support for iteratively deepening the +local keyring by downloading signers' keys as needed.</p> +<h2 id="interoperability">Interoperability</h2> +<p>Sending a GPG-signed message to a non-GPG-using normal human being is a great +way to confuse the hell out of them. You have two options:</p> +<ul> +<li>In-band “cleartext” signing, which litters the email body with technical + noise, or</li> +<li>PGP/MIME, which delivers a meaningless-looking “signature.asc” attachment.</li> +</ul> +<p>In both cases, the recipient is left with a bunch of information they (a) +can't use and (b) can't hide or remove. It might as well say “virus.dat” for +all the meaning it conveys.</p> +<p>Some of this is not GPG's fault, exactly, but after over a decade, surely +either advocacy or compromise with major mail vendors should have been +possible.</p> +<p>(Accidentally sending an <em>encrypted</em> email to a non-GPG-using recipient is, +thankfully, hard enough to be irrelevant unless someone is actively spoofing +their identity.)</p> +<h2 id="webmail-need-not-apply">Webmail Need Not Apply</h2> +<p>Well, unless you want to write the message text in an editor, copy and paste +it into GPG, and copy and paste the encrypted blob back out into your +message. (Hope your webmail's online editor doesn't mangle dashes or quotes +for you!)</p> +<p>Apparently Google's <a href="https://code.google.com/p/end-to-end/">finally fixing that for Chrome +users</a>, so that's something.</p> +<h2 id="mobile-need-not-apply">Mobile Need Not Apply</h2> +<p><del>Safely distributing GPG keys to mobile applications is more or less +impossible, and integration with mobile mail applications is nonexistant. +Hope you only ever read your mail from a Real Computer!</del></p> +<p>vollkorn points out that the above is inaccurate. 
He posted a couple of +options for GPG on Android, and the state of the art for iOS GPG apps is +apparently better than I was able to find. See <a href="#comment-1422227740">his +comment</a> for details.</p> +<h2 id="further-reading">Further Reading</h2> +<ul> +<li><a href="http://secushare.org/PGP">Secushare.org's “15 reasons not to start using PGP”</a></li> +<li><a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">Mike Perry's “Why the Web of Trust Sucks”</a></li> +</ul> + </div> + + + +<div id="comments"> +<div id="disqus_thread"></div> +<script type="text/javascript"> + /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ + var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname + + /* * * DON'T EDIT BELOW THIS LINE * * */ + (function() { + var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; + dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; + (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); + })(); +</script> +<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> +<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> +</div> + + + + <div id="footer"> + <p> + + The Codex — + + Powered by <a href="http://markdoc.org/">Markdoc</a>. + +<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/terrible.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/terrible.md">history</a>). + + </p> + </div> + +</div> +</body> +</html>
\ No newline at end of file |
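Review bot: .html/gpg/_list.html and .html/gpg/index.html are added as the same blob (both show index 0000000..8f54701 and 92 lines), so the generated Markdoc listing is committed twice. Suggest keeping a single copy and letting the web server map the directory index to it, or building the listing at deploy time instead of versioning the output. Every added file also ends with "\ No newline at end of file"; a trailing newline in the generator template would keep later diffs of these files clean.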
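Review bot: In cool.html, under Distributed Verification, "to tor-talk last year" is a relative date that is already stale: the linked post's URL is dated 2013-September and this commit is from 2015-07. Suggest naming the post the way terrible.html's Further Reading does (Mike Perry's "Why the Web of Trust Sucks") with its date. The same file carries spelling errors that are now being served verbatim: "hierarchal" (twice), "correspondance", "acquaintences" and "succeptible"; these should be fixed in wiki/gpg/cool.md and the page regenerated.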
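Review bot: keys.html publishes the key fingerprint and the armored public key on a page whose Disqus loader pulls script over plain HTTP (dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'), and the font stylesheet link is http:// as well. Anything injected on that path runs in the page and can rewrite the fingerprint and key a reader sees, which defeats the purpose of publishing them here. Suggest switching both URLs to https://, or dropping the comments embed from this one page, and offering the key as a separate downloadable file so it does not have to be copied out of a pre block.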
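Review bot: In terrible.html, under Mobile Need Not Apply, the correction to the struck-through paragraph exists only as a link to #comment-1422227740, an anchor that is not in this file and appears only once the Disqus script has rendered the thread. Served as static HTML, readers on the noscript path get a dead fragment link and never see vollkorn's Android and iOS options. Suggest summarizing those options in the article text and keeping the comment link as attribution. Spelling to fix in the source while there: "nonexistant" and "Autonyms keys".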
