Diffstat (limited to '.html/gpg/cool.html')
| -rw-r--r-- | .html/gpg/cool.html | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/.html/gpg/cool.html b/.html/gpg/cool.html new file mode 100644 index 0000000..528ce0c --- /dev/null +++ b/.html/gpg/cool.html 
@@ -0,0 +1,146 @@ +<!DOCTYPE html> +<html> +<head> + <title> + The Codex » + GPG Is Pretty Cool + </title> + + <link + rel='stylesheet' + type='text/css' + href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> + <link + rel="stylesheet" + type="text/css" + href="../media/css/reset.css"> + <link + rel="stylesheet" + type="text/css" + href="../media/css/grimoire.css"> +</head> +<body> + +<div id="shell"> + + <ol id="breadcrumbs"> + + <li class="crumb-0 not-last"> + + <a href="../">index</a> + + </li> + + <li class="crumb-1 not-last"> + + <a href="./">gpg</a> + + </li> + + <li class="crumb-2 last"> + + cool + + </li> + + </ol> + + + + <div id="article"> + <h1 id="gpg-is-pretty-cool">GPG Is Pretty Cool</h1> +<p>The GPG software suite is a pretty elegant cryptosystem. It provides:</p> +<ul> +<li> +<p>A standard, well-maintained set of tools for creating and storing keys, and + associating them with identities</p> +</li> +<li> +<p>A suite of reliable tools for encrypting, signing, decrypting, and + verifying data that can be easily assembled into any combination of + integrity checks, authenticity checks, and privacy management</p> +</li> +<li> +<p>A key distribution network that does not rely on hierarchal authority and + that can be bootstrapped from scratch quickly and easily</p> +</li> +</ul> +<p>While GPG <a href="terrible">sucks in a number of important ways</a>, it's also the best +tool we have right now for restoring privacy to private correspondance over +the internet.</p> +<h2 id="code-signing">Code Signing</h2> +<p>Pretty much every Linux distribution relies on GPG for code signing. 
Rather +than using GPG's web-of-trust model for key distribution, however, code +signing with GPG usually creates a hierarchal PKI so that the root keys can +be shipped with the operating system.</p> +<p>This works shockingly well, and support for GPG is extremely well integrated +into common package management systems such as apt and yum.</p> +<h2 id="source-control">Source Control</h2> +<p>Which is basically code signing, admittedly, but even Git's support for GPG +is basically great. Tools like Fossil embed it even deeper, and work quite +well.</p> +<h2 id="email">Email</h2> +<p>GPG's integration with email is surprisingly clever, follows a number of +long-standing best practices for extending email, and does a <em>very</em> good job +of providing some guarantees that make sense in a not-terribly-long-ago view +of email as a communications medium. In particular, if</p> +<ul> +<li>who you talk to is not a secret, and</li> +<li>what, broadly, you are talking about is not a secret, but</li> +<li>the specifics of the discussion <em>are</em> a secret, and</li> +<li>all participants are using GPG on their own mailers</li> +</ul> +<p>then GPG works brilliantly and modern GPG integration is very effective.</p> +<p>These assumptions pretty accurately reflect the majority of email use up +through the late 90s and early 2000s: technical or personal correspondence +between known acquaintences.</p> +<p>The internet has moved on from email for casual correspondence, but that +doesn't invalidate the elegance of GPG's integration for GPG users.</p> +<h2 id="distributed-verification">Distributed Verification</h2> +<p>Even though GPG's trust model has some serious privacy costs and concerns, it +works as a great proof of concept for CA-free identity management. 
That's +huge: centralized CAs have even more onerous costs and worse risks than GPG's +trust network, while offering less transparency to help offset those costs.</p> +<p>Others have written some pretty interesting things on how to improve GPG's +trust model and make it less succeptible to errors or key leaks by +small-to-middling numbers of participants. <a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">This +post</a> +to tor-talk last year is probably the most complete.</p> + </div> + + + +<div id="comments"> +<div id="disqus_thread"></div> +<script type="text/javascript"> + /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ + var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname + + /* * * DON'T EDIT BELOW THIS LINE * * */ + (function() { + var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; + dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; + (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); + })(); +</script> +<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> +<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> +</div> + + + + <div id="footer"> + <p> + + The Codex — + + Powered by <a href="http://markdoc.org/">Markdoc</a>. + +<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/cool.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/cool.md">history</a>). + + </p> + </div> + +</div> +</body> +</html>
\ No newline at end of file |
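Review bot: The Disqus loader near the end of the new file sets `dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'`, and the font stylesheet in `<head>` is fetched from `http://fonts.googleapis.com/...`, so third-party script and CSS are pulled over plaintext and can be altered in transit before they run in the reader's browser. Use `https://` for both URLs. Smaller points in the article text: "hierarchal" (twice), "correspondance", "acquaintences" and "succeptible" are misspelled, "to tor-talk last year" will go stale (the link path says 2013-September, so state the date), and the file ends without a trailing newline. The footer points at `wiki/gpg/cool.md` as the page source, so the wording fixes are best made there and the HTML regenerated.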
