Diffstat (limited to '.html/gpg/cool.html')
| -rw-r--r-- | .html/gpg/cool.html | 146 |
1 files changed, 0 insertions, 146 deletions
diff --git a/.html/gpg/cool.html b/.html/gpg/cool.html deleted file mode 100644 index 528ce0c..0000000 --- a/.html/gpg/cool.html +++ /dev/null 
@@ -1,146 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - GPG Is Pretty Cool - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">gpg</a> - - </li> - - <li class="crumb-2 last"> - - cool - - </li> - - </ol> - - - - <div id="article"> - <h1 id="gpg-is-pretty-cool">GPG Is Pretty Cool</h1> -<p>The GPG software suite is a pretty elegant cryptosystem. It provides:</p> -<ul> -<li> -<p>A standard, well-maintained set of tools for creating and storing keys, and - associating them with identities</p> -</li> -<li> -<p>A suite of reliable tools for encrypting, signing, decrypting, and - verifying data that can be easily assembled into any combination of - integrity checks, authenticity checks, and privacy management</p> -</li> -<li> -<p>A key distribution network that does not rely on hierarchal authority and - that can be bootstrapped from scratch quickly and easily</p> -</li> -</ul> -<p>While GPG <a href="terrible">sucks in a number of important ways</a>, it's also the best -tool we have right now for restoring privacy to private correspondance over -the internet.</p> -<h2 id="code-signing">Code Signing</h2> -<p>Pretty much every Linux distribution relies on GPG for code signing. 
Rather -than using GPG's web-of-trust model for key distribution, however, code -signing with GPG usually creates a hierarchal PKI so that the root keys can -be shipped with the operating system.</p> -<p>This works shockingly well, and support for GPG is extremely well integrated -into common package management systems such as apt and yum.</p> -<h2 id="source-control">Source Control</h2> -<p>Which is basically code signing, admittedly, but even Git's support for GPG -is basically great. Tools like Fossil embed it even deeper, and work quite -well.</p> -<h2 id="email">Email</h2> -<p>GPG's integration with email is surprisingly clever, follows a number of -long-standing best practices for extending email, and does a <em>very</em> good job -of providing some guarantees that make sense in a not-terribly-long-ago view -of email as a communications medium. In particular, if</p> -<ul> -<li>who you talk to is not a secret, and</li> -<li>what, broadly, you are talking about is not a secret, but</li> -<li>the specifics of the discussion <em>are</em> a secret, and</li> -<li>all participants are using GPG on their own mailers</li> -</ul> -<p>then GPG works brilliantly and modern GPG integration is very effective.</p> -<p>These assumptions pretty accurately reflect the majority of email use up -through the late 90s and early 2000s: technical or personal correspondence -between known acquaintences.</p> -<p>The internet has moved on from email for casual correspondence, but that -doesn't invalidate the elegance of GPG's integration for GPG users.</p> -<h2 id="distributed-verification">Distributed Verification</h2> -<p>Even though GPG's trust model has some serious privacy costs and concerns, it -works as a great proof of concept for CA-free identity management. 
That's -huge: centralized CAs have even more onerous costs and worse risks than GPG's -trust network, while offering less transparency to help offset those costs.</p> -<p>Others have written some pretty interesting things on how to improve GPG's -trust model and make it less succeptible to errors or key leaks by -small-to-middling numbers of participants. <a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">This -post</a> -to tor-talk last year is probably the most complete.</p> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/cool.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/cool.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file |
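Review bot: The deletion of `.html/gpg/cool.html` covers only rendered output, and nothing in this view says what happens to its source. The footer in the removed lines names `wiki/gpg/cool.md` as the Markdoc source, and the diffstat here is limited to the one HTML file. If the source stays, the next build will regenerate this page, so either remove the source in the same commit or, if the intent is to stop tracking generated files, state that in the commit message and add `.html/` to the ignore file. Before merging, also check whether the gpg index or the sibling `terrible` page (which the removed body links to) links to `cool`, since those would become dead links.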
