From f82d259e7bda843fb63ac1a0f6ff1d6bfb187099 Mon Sep 17 00:00:00 2001
From: Owen Jacobson
Date: Wed, 9 Dec 2015 20:40:42 -0500
Subject: Remove HTML from the project.

(We're no longer using Dokku.)
---
 .html/gpg/_list.html    |  92 ----------------
 .html/gpg/cool.html     | 146 --------------------------
 .html/gpg/index.html    |  92 ----------------
 .html/gpg/keys.html     | 271 ------------------------------------------------
 .html/gpg/terrible.html | 198 -----------------------------------
 5 files changed, 799 deletions(-)
 delete mode 100644 .html/gpg/_list.html
 delete mode 100644 .html/gpg/cool.html
 delete mode 100644 .html/gpg/index.html
 delete mode 100644 .html/gpg/keys.html
 delete mode 100644 .html/gpg/terrible.html

(limited to '.html/gpg')

diff --git a/.html/gpg/_list.html b/.html/gpg/_list.html deleted file mode 100644 index 8f54701..0000000 --- a/.html/gpg/_list.html +++ /dev/null @@ -1,92 +0,0 @@ - - - - - The Codex » - ls /gpg - - - - - - - - -
- - - - - -
-

ls /gpg

- - - - -
-

Pages

- -
- - - -
- - - - - - - - -
- - \ No newline at end of file diff --git a/.html/gpg/cool.html b/.html/gpg/cool.html deleted file mode 100644 index 528ce0c..0000000 --- a/.html/gpg/cool.html +++ /dev/null @@ -1,146 +0,0 @@ - - - - - The Codex » - GPG Is Pretty Cool - - - - - - - - -
- - - - - -
-

GPG Is Pretty Cool

-

The GPG software suite is a pretty elegant cryptosystem. It provides:

-
    -
  • -

    A standard, well-maintained set of tools for creating and storing keys, and - associating them with identities

    -
  • -
  • -

    A suite of reliable tools for encrypting, signing, decrypting, and - verifying data that can be easily assembled into any combination of - integrity checks, authenticity checks, and privacy management

    -
  • -
  • -

    A key distribution network that does not rely on hierarchal authority and - that can be bootstrapped from scratch quickly and easily

    -
  • -
-

While GPG sucks in a number of important ways, it's also the best -tool we have right now for restoring privacy to private correspondance over -the internet.

-

Code Signing

-

Pretty much every Linux distribution relies on GPG for code signing. Rather -than using GPG's web-of-trust model for key distribution, however, code -signing with GPG usually creates a hierarchal PKI so that the root keys can -be shipped with the operating system.

-

This works shockingly well, and support for GPG is extremely well integrated -into common package management systems such as apt and yum.

-

Source Control

-

Which is basically code signing, admittedly, but even Git's support for GPG -is basically great. Tools like Fossil embed it even deeper, and work quite -well.

-

Email

-

GPG's integration with email is surprisingly clever, follows a number of -long-standing best practices for extending email, and does a very good job -of providing some guarantees that make sense in a not-terribly-long-ago view -of email as a communications medium. In particular, if

-
    -
  • who you talk to is not a secret, and
  • -
  • what, broadly, you are talking about is not a secret, but
  • -
  • the specifics of the discussion are a secret, and
  • -
  • all participants are using GPG on their own mailers
  • -
-

then GPG works brilliantly and modern GPG integration is very effective.

-

These assumptions pretty accurately reflect the majority of email use up -through the late 90s and early 2000s: technical or personal correspondence -between known acquaintences.

-

The internet has moved on from email for casual correspondence, but that -doesn't invalidate the elegance of GPG's integration for GPG users.

-

Distributed Verification

-

Even though GPG's trust model has some serious privacy costs and concerns, it -works as a great proof of concept for CA-free identity management. That's -huge: centralized CAs have even more onerous costs and worse risks than GPG's -trust network, while offering less transparency to help offset those costs.

-

Others have written some pretty interesting things on how to improve GPG's -trust model and make it less succeptible to errors or key leaks by -small-to-middling numbers of participants. This -post -to tor-talk last year is probably the most complete.

-
- - - -
-
- - -comments powered by Disqus -
- - - - - -
- - \ No newline at end of file diff --git a/.html/gpg/index.html b/.html/gpg/index.html deleted file mode 100644 index 8f54701..0000000 --- a/.html/gpg/index.html +++ /dev/null @@ -1,92 +0,0 @@ - - - - - The Codex » - ls /gpg - - - - - - - - -
- - - - - -
-

ls /gpg

- - - - -
-

Pages

- -
- - - -
- - - - - - - - -
- - \ No newline at end of file diff --git a/.html/gpg/keys.html b/.html/gpg/keys.html deleted file mode 100644 index 9fe112b..0000000 --- a/.html/gpg/keys.html +++ /dev/null @@ -1,271 +0,0 @@ - - - - - The Codex » - GPG Keys - - - - - - - - -
- - - - - -
-

GPG Keys

-

If you've read GPG Is Terrible and GPG Is Pretty Cool, -and their references, and for some reason still feel the need to use GPG, my -key fingerprint is 77BD C4F1 6EFD 607E 85AA B639 5023 2991 F10D FFD0. The -key itself is below.

-
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQENBFOWElgBCADSFR0SmdJX5yOFjejxTpjdyc2UwjglM4WqFNne7C9rYkbLGj8U
-y6aVdLop4kFdiZrtuAyJrZnKawZglMar6erBgoNXe3vrbEzopPI1Uev/kY7UHSR+
-dA8EYw50/FOvDYlrJxntvIEfNYskIvhS+c8Y0HSrK9VnKfkfi7hYJP+93sqP/4Lz
-oCnCWQCJSOaOdpora241/bsEU7w8MCiexCdm2NaPc6q445K5XAO5CoLkTwcJxJHM
-xbPH7prSgqdDz5Y00hUDqm+ByLCMVyAFu4/6sEMWZMaOIIEh0a/kpD+xJVkXKszh
-5SsLNZ5oADj9DWHvFoemj1gOixzYlEMdqL3PABEBAAG0KU93ZW4gSmFjb2Jzb24g
-PG93ZW4uamFjb2Jzb25AZ3JpbW9pcmUuY2E+iQEcBBMBCgAGBQJT8kqMAAoJENKx
-mZ8cUdIj7jIIAIamt/VdAr9BB835knMQ48QQaqQr1KrpvL8QCMWen/lcgMBz5FSM
-ZmPImroQKakjKqNbJV5OLKOZGQxNNGxOSP6WSbUEDCiP1J4XddTCogPH2ePL0g+y
-YjoaO24uY6VIjNaY9plf8DQqD3gkcZBX0QjVT+q3MxvhFG8Ox4S+kXDV5qYXDLiB
-PZM1Jv1PDY777Ml6J1Zv4z5oveaKVZfCjdJ7h00QQ+nnKBWIeE4rqqNwtCnM0SoX
-T5zlogZKdCK9mTFzmTMaVmASjYO7xWhIy3bSy2Ke/cyCup2zdc/IhLJio4D/2HRm
-DURsMj8MhIJN4eJymtGw2VQYB300k0cSUWuJAUAEEwEKACoCGwMFCwkIBwMFFQoJ
-CAsFFgIDAQACHgECF4ACGQEFAlR9+1UFCQHjt30ACgkQUCMpkfEN/9AnYwgAju6I
-dWaWEdujxXJS+d2I2bsfraoxu0wlltlX4Z5MDh8h2OAV90fQKJTXx4mSzYgmGL0v
-/2RMnBciSQWskmpHMBGY+dLi0uIb5WOeqttUoLMyq/L7ENhCksKgI/g6RqWCM7+W
-M6LjA09GcCLZMSpZ2xpDyjibtJh4WaO+h+JT6O0UonhMszGgeUf4UH5zIvmkA+Su
-b4mG8tQtBwqEjikXhMsOa27dWj+f+c0Oth3WwFBTfbucw0aSkwDC3L9geyKInJGZ
-W2IC5f7gXJ8MID/aDKNrAOLRGJpqv7d+LZhtyNx6MUh+mNmwplYytEmqdmz2fWss
-l+8arRPUbjA5QdQlH4kCHAQSAQIABgUCU5nlmQAKCRAaK96qaP2zTPShEACNaECa
-WC4qUT+5SJsVPU3skeWd+jp7FVk1P2+IU6pIbB65F04Q+vDbYPR6WVjtuqoxLd5D
-QYcTsUlOE7k1LQlel3FU/8PH0QfhOw6/VMnFpprYns9QISQVuvQUHgl6kWMh2CiJ
-cBB0XQnd7DwRfdR79sOr6UHNBZGYbcKjgq67qq2H7oGuBfzAihYx0ZaJPBGb2QC9
-Efy2xYnEKWHaeI5FpjjcaZKftAe7kDL9T0zMdEicH5txbYNDVB5gBNyhhHakBakl
-phb2rnnbtwsk4pEaPYq/eNxwv/VcJypySlRk+eCCHDlWUhbgRlmr4600EdFNnmCF
-y3rA4nYX9kLu/JYzBwj4VCNkJYDyTCdSCnv8zoLJ/bBFWUEmX0Pvz6gIEQ2Tr5D6
-4t3dn4fIHcdDXAyZb4xj0jJoG+ebDp9uezm1/KFQo7N45yYvWXZGhM515YQZ09nU
-KTgjE1v5H5NThEsw8pn0a6mi+mcHq/V8Au5/EQwh/Ch2KEquQ/MSjCsGOoJOgQTc
-+XrzmhUkd2ukxVPXvXE8G+/khT+RRGs6Fttc7b8op/TuTdZCKK+xskyAzmAfc7BB
-RbxVckQs77B3sFJgzgFpxNOuHwVkJN0ZQSTe84DVN80b8JGXrnuCf9EYQiAF4Vw9
-JVorLLif999+JZ3wlGqDTWqeUtElzZfP38ftmYkBHAQQAQIABgUCVMx03gAKCRBg
-rwNo53dYqIvXB/9jGFivwG+s0tMdYB1HJ6OdxRu5cOnBRZNwxJP14VQ0dQlW+Ypv
-cQu0iVb0hA3L/80fw4rx1ul5yrxS6chUUcC1Kz7hIapWa2uMluUZYAfvGTutZ9g1
-uRJzW8+DkMYNowc4wpuprAZqxhcMbjcSomhROBphl7o8kcrn2eNbCIkV/oEE/8Yi
-e01vrDaBsqbH0PcHlP0WK05dswF7VYZLOa7RzUnTXTRRewE5XwzOgBDMWigRWlJv
-wtcgAXUTTzH68G8gmN5TZVw5MMwrKOSfAOLQ0H+R/sdfK/zqLUrTkt//Rdyedh4s
-urNJxtbFgHhv3izZx4gUBkmZzgKbPXqhGfqjtCZPd2VuIEphY29ic29uIDxhbmdy
-eWJhbGRndXlAZ21haWwuY29tPokBHAQTAQoABgUCU/JKmAAKCRDSsZmfHFHSI2n1
-CACDZwumtVBJ6eGS6rySvj+lgH0HDX0KpdL/I0a3N7a/G/xGgJLBdn/vBaSNnvr8
-jAbdUXKMTMbd3Y0VxDFFS0u9lbiryjaljCaNFydXK+auY4HzE0PoOfTb5iPMyfXt
-O3e+CmyAfhP5Q5Tz+HP8gWhi1IvC1UGbfe0VTepUgssw02WHEb8zZ3rOvDpCBFdX
-YUvwbw1lkUyvlrc3hBGsOrWqIqlRO8TR2tgZakThkfgVIZi+ZfZKfmSgHzjnb/xM
-XF7hT/qdCkcSklxSGUTP434nxwVhhr1dEQYP+soaMliusuBO05wJoxQvtav9FGNd
-tteAi24RT+aT9JYQ2UtBXxMYiQE9BBMBCgAnAhsDBQsJCAcDBRUKCQgLBRYCAwEA
-Ah4BAheABQJUfftaBQkB47d9AAoJEFAjKZHxDf/QLzAH/1r5JGeD7jf5+vMKNyLj
-DXcnbALFe1XyD2tXNQSsj2SDKL3FQmzpFuL5O2XXk6xbCGja2daaDyWvo/FMYg9t
-a1DEmPxeWhiFjb1faxya5OA7Be+wqEf7184AK0wO2iTS8ZydOYiibaPBkIC7LPSK
-TPFOHuB0OMKBfAyhRe0z404yxX9DoArU6MsBdxndLdgG0Z5s8EzBme+TsV5Y/cNt
-+zx0a/+N3CdFZw5eyNM+bzsO/OiSxma9k4rSqMSm/whuiGydRwefufXwJZPITfPB
-o0itsZ+r7HBiBY6QR+qqiRjwWGqA6DPuOSRwdObM7XNMc2kvRg4P5w+UPH+y6VPe
-C9yJAhwEEgECAAYFAlOZ5aYACgkQGiveqmj9s0z0Fg//cnnBLqytM02vmj7ltvJe
-EjdOjwooa8TXGLnkjWqdRtzPCPsCeUWuIJyvsoJDxv5eGkI3MRD5b+2JxE2C+iU6
-NKWE1tbaPnvVn61RgLvi2mDo2j5nHa/AfrLubONWFydwZTc5tsNFvURr7zGWIoac
-G01YApHu0JpmUkrZA2nnW/lpPo/1cHVFqvWge5jnJ/4ZBpEhnFedfRe9DYnpKQvs
-r/EzZtkCklrL3LjnrrdSg2id29VBWWyG6/SvEl2l53c2Cejo2DNrWBhr1PLslHhr
-l2g19xqlf5h+jeqqeLXSzEbEaAJWhH+uk8xHGfrEQ68jWnS1Dd+aSq/6A/MCIV85
-8b/NamZ+RX6qwGs21f9WXZHEhGCcSiQFHr7vK5YjzpirTt1giZFmQ30duPNB3SsQ
-6MwNWFz4cXtOiSSUE0bJyjNoNDMOh7jPsnbJEfNM5eKzUPRZvk6fMqsCIvPc5JUt
-JOvhSPdrvK7SREDgze79u51sf2sZ79yZ9ryNrCHsnu2heQxnC5PgTTXXULg93I+a
-AHPIgVOk4SG+/bpluOpou0M+teAqvUHtaKVv6+EIebkAhgVpH50EvxMgI2N9ivU7
-SW6hAz1FbPOEZAd2uJhs95AbkUxJPG5ETEAy5JOBdmX2BlJ91PVDt+jF7QB/NH57
-y7Or49b0dietE1YsqvyH8fOJARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKjK7Qf9
-EXsoNPndlKjUkzxRe3zFZ+rQmqjI9mz9VQrsoFsYctDvCIel//ScsG3pQT+9Jmp2
-j7a/HhrxDwTdOdWR2za7DdfIM4XtaiVFwboltFx9l9a1X5u+1xUgv7xi9+GHIHxf
-T5FOI/Bquamu6S87o/kYXq6d7ek1nfrsveEfzpCzI9jpiovy1KgupGR1w7dKIOvA
-aqWDcwRM//zvuZudeXziGjGcrGoNL/FQbtVP8haC6ESVugEZcuppV90AbJ9i/syb
-mNx5O0/7FDuLAYtEUbzeMmZhe7OA4FjwlowXi+mYYy+76jbIGq0maaU5h9vIS1g4
-6Tl1lrIsDubHwe/5LGtsTbQtT3dlbiBKYWNvYnNvbiA8b3dlbi5qYWNvYnNvbkB1
-bnJlYXNvbmVudC5jb20+iQEcBBMBCgAGBQJT8kuKAAoJENKxmZ8cUdIjD8gH/iGs
-DAt4tyVOm6zVVyHlo0nggFJTC9dJsaJH+P8K9OIrWlRE461bXHGmiL13KjNaSPyo
-+XFz8rq5aK/rEWwHnZWX6PnyLtCaoTbKdB7LvEOhZpacDGrY7fKBdekwzszVzqCL
-s8cBwYRPrUnD0OYPt72qGCMtLaZ3w1Q4dZS8rv5i9LxszUmRwZ407P6r8B5uE5Vm
-mZkJf3Fdme+th4hxG1jsqh9rXBLIlGZnhIXC0Llovgj6bLsMvtpKlC6qHj07+7rH
-GWnz75xvJ6PnKnhxLgJoEzrn0WMaXCyYADTLiLgJr/X+cFkF1/Al6Yx9VbwIWgA1
-uXFRAZTlCRa1Avja1xuJAT0EEwEKACcCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
-F4AFAlR9+1oFCQHjt30ACgkQUCMpkfEN/9AvfwgAhIKjmchMT5JqBdW9k2LyiOTA
-Iipw5C6UbiAOSWJ+QXzXEwizQIY+0W9xJeID4UCrainfcfS7C07sfL24sx2bDxfE
-di1J2gqu4imtVT8nclXGUancYa7RaWAaqefAKpFUASct2njcIPLCN3HQN09BNVml
-iZ5cbHRSKKc3Eg+yIlIcHRczV5tJnpxzTN0swkHCBNYqWmIq0DTZlg24m7eijYpO
-Sfru304lDbr6psgvPdjr42uBZcTrwqJfXQdw71/JPRbjPVexJfCahFfISZgCaWIK
-thD1bxKRnHs3xLjwUUDl0156mLeGw6ZvGVssRhkWexyONytWAahXWtHzgFByGYkC
-HAQSAQIABgUCU5nlpgAKCRAaK96qaP2zTJHXEAChvXef4fRUUIRAZi/pJaX5yexb
-IgVfGB9+EBbKwJc/Bj58BUXANdIAIUer85gTkqtxjWGbIuUnABgRcHT6x8BgY3Dk
-yAbZZ57r9CxXEnAmzUZFFrSzdIK3yDQbON+Z0zfvozME4OiOP+B8s5uU3jGhzkXZ
-32IBCctfGGgqOfdz58HU/DuDBBOI9z5QRZfgn53xzJXJIIOvuGZMFUr/NqvtUqUq
-EWJWb0rzvbtTzgYS4hv9vtpMj89UWSf5t+0Rikgo9tTgQoIr1y7jLn1B3JQNzJG3
-ngFNUKuBaR6U683MlR2IXsdv3ysUhkPZj+7+Z5ibTzx6V9DnYaKJ9ZkjqVR4Jmdo
-025CDoKuXaCWU5tsAhUxLTi+aGfvgt6cZ1+yy3ICvGbs51cQaaoYnRd4fQtMjWDp
-Rm0Cctr1ShVJb/8XlsbLMnkeOSuIlofQfcIbbktl33fMe3tc+dzGTG26YM9Oss9X
-dB0oew8MLglpz8o28fBEVCkKolW1aKRftUpGiv/qjH8+URdo3XIxnKuzDxTRI63n
-SXPvs9jgPPKnx/Pgbiw2hsEtTQDbvOPRU+32XEnIb557I7nwcMmKCrw0K1AgICz4
-6lGAj/O/IQr7dfS02pmpEItcEwXRr91UzHf3k/kHG46rQX2DF4koXodgy+rDKtDg
-oCRrhh7P8Az0DOMph4kBHAQQAQIABgUCVMx03gAKCRBgrwNo53dYqJspB/9z9dG4
-xsHJ0VtaJwqR15fWvhLHnQHuMXlmS340/czebCuJDXwVuhUMRVURBgbTvIieAWhg
-dO/xyUeRsbAaMQL38wKM5le1NmY1M9QiryVaJaz23oPQlb1WE8NdIOX28Oz8Iug0
-WjaU1H/ZPTbGO7traUyXfpd/Opha3DGnxzap9mnZMLVMTT97Kj+wbRrDwfHw3sg8
-9VlqKkaQJ0sAhGxAzkyBKf+8V63pE3i8ZHTfG36ot5ssUIX+pKeA1ROhmNeHQ9et
-rgBvTSsdXzF5WgegkvgFwjeJ3/d9HFWCZMg/8lJvcLE9GvvAKWh55Vs+6dAXBZo4
-bqTkxeEOd5Bu1asYtCtPd2VuIEphY29ic29uIDxodHRwOi8vdHdpdHRlci5jb20v
-ZGVyc3Bpbnk+iQE9BBMBCgAnBQJUv/G4AhsDBQkB47d9BQsJCAcDBRUKCQgLBRYC
-AwEAAh4BAheAAAoJEFAjKZHxDf/QytgH/i4C6rgXMr1xR+3PPqO/ruWukA+rs9LP
-Kfh/M2fcvPnDFcyDmpP2okL0En0c3HrPMx4983EtMK+10eTxf2nwZfiyId+ze5K2
-lzZmIBEjDfrUon3ls7E3MuRXoqVKhnhywalLynqzE0atFcA9wW6TR0yd/7Q/FWHt
-4r2vNsP7BURUh2BSJ5FZuEK2iJojHIz+dyZURPUE8U9wAFAB0ddwOgcSM85SCNIP
-UNnGU39VVWWrYf1xMDgzYrfX9mlw/6EES1qL7JU/SDlUX584NJuJ5aHZv2r1bglW
-4o9oW7xORb4ABfel4ATuk6MsbJVf1p3EsLlJ87KW3+KEynQN/Ku8MLuJAhwEEgEC
-AAYFAlTGi1AACgkQGiveqmj9s0xeEg/+N8kWlLNd7LxWR5WQF3MQl1QdJm2Z/pox
-xCIQIyqKoeOHfS+NkyFK0E0MKtXR9PHNARxgr2eCFtDV55bjPgQMJTGO1aLOmoDj
-/cXIWiMV52d1Ijw07fZtFGBa/+FsySxzyEe1h8ika/lsfnw0m42UP7IgXezhaZQV
-TwFXfglbjc98XYswIwtprtj+AuZKIR6ig7XveF17bjJkXmOiaYSBDPHxVN2vUaQS
-aLJlaFOtUNn+NioN6HWNUSzuDPVWy9ck3qMj6CgyrGdlGGdqoQHxNN7RLxCywnHP
-KfzWwdX+7asO5dMcMwnHxUHJ+3pVm0myr56Lveica3VAg70N8u99xXCV3Vdx2htu
-0gtz2GlfJQeKuSEGPU+gdK86XFNGV8JM/y0OR4GrTnApsmX/FGgcQZynbBJ2/8UH
-6WA29Lffp+/pz0jilj3hwSsK6wwPN49/m9qszoOPyT8WJhDt0Vj6YA64N8NOzKLq
-XZa4MwnaCZiChjjCPrmElQPcR4RQZwAhm0t+8uw1/6hyZkjHJ5uO/7LsEgxwYCU/
-idqTSf3DQMcvk4MEaWuDwRZ3Nm6tj+F2oaqkqT1LcyB4OYa2PKpgxvLDwSNFmG75
-d7uXJHbAlg6t9ysmWkxah7/L8eNsmU32eXFuNP6detR7zCOLYARaTLe2CWOF0OI/
-8nSng+hSUf+JARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKg2BAf/Qn0BNlGfhL/f
-YcTYWgTRkehVBXRaQ/hSjrdcyfMc4IXPeSXrZ8WZUi4QHLauFx1XtKTzVPWx8ggU
-reZPo50wwev1N/iOPvQhh8Q+Y0SNHY1S824AHDjDnLp7+XuBX/oYArtxorUufdxA
-G6jtkSabUm1ucGGs6ccF+UXs4E/NMiVkXfP1GCCm+Upgwhunk/9Mr6BaSJKZLYK3
-3NdwmiNlMLSnVxXBaZHzs/dLdqRKZF11fkRfBWpBaIUjOMEwjuHakoUmDONeDmv7
-+DlK46V2jIL2r6f+39XeAsnxvCF5mNJGPGnMMtaEuCqMcDbdQMnZdRE3rqLGQE43
-BPvwCDXvArQjT3dlbiBKYWNvYnNvbiA8aHR0cDovL2dyaW1vaXJlLmNhLz6JAT0E
-EwEKACcFAlS/8c8CGwMFCQHjt30FCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
-UCMpkfEN/9AG0wf+O39YDA32Qrx9VqpKeJhx/m/s6kaux7cDPZmehMQOCts5UAZi
-oXZyDYUWcpHSZJEcmzUnKYO/8xAJSLUQvmVvcEUg2mQ72Xs4OsFta2DMw3tue3OY
-ZZZfhUqkG/zoUGAVYZz3hhTbvTaUMbnVrm1GiRhdAFVrnzSh/AxMV+krB1c0O8h+
-ses2Yk4L1edBVxMqqwzjGBupI/q1NXTnkwXZ7+gBG8XlapuQ309Sa+ufk8W/bo4T
-Q92ZOQReM1b4IdwCX4IwPinT0KAQ0eqVRNCsFYy7KuvkxUoqhHWFXia9QSeuY8E7
-1m59xt4rIiUcEn2i+CWYpydPy6zLTBtqCYY1ookCHAQSAQIABgUCVMaLRgAKCRAa
-K96qaP2zTBqkD/9VkcEyaeYkYrU34oaeWfOR93MZS4DEBIsKjUD0QVTvVb0CLXRU
-+92POUCSQlqhv9nF4emrLCjDQTXgW/TmM6gl9UTDGsWMpmfIuTlJcQHGkqhXKN/i
-Egb0Xkutt+q6tnvpgX1lWOBGO6upmVqnQYRcKVdfkArmD3tGoaIZsb/vWOgp4OGY
-DvGYpuaasdkLaBFGPGYEuyofkgrU8ssO4xq9SdGUOhgAkFrl78iTXIpe5VTOy3Lo
-VwWSUv10JKK3Yz+LxlYDUTiXKFm/mkvV6NhZMDMsCyXPJcsGZlpP7fT2JrJJ5Akf
-PMw+6FXTuY54hBtZEze+ukrnhXd8QV7e149UYpMT+9OHYysLRmQ7//2HUsPGwlvQ
-zVTzee2D/LTtFUiwt2b6aU/7yvJRTraqCaZlotOuPM5ZlimbPUTsqahP46Y7NNx/
-oE/vcEAJu+C2r48gcLmf6g9IK5WUEsX8ZcSY/UhTECsMOqQUqmuNRRaqvujLV22V
-5oMKHDb8fzG0Cbgm/qP5o5RpAgCG7iL/xeKfi7XZJ582wpIoV4JJrGjVrzgK0Ljf
-/xntdCL/2hUbxM93+djJFWIaqerAkbzEYznt+N/ZCqSApiDwedukyiJkCPm0Zz1D
-owd29g3SJsUDzroaSAEMRYkMH8EdFeOJFcmrMjQhQJIEypdZ5Ll3JK1v0YkBHAQQ
-AQIABgUCVMx03gAKCRBgrwNo53dYqJfTB/wPZvD8enoGEU4ZeXTXYQ53wYqYF13F
-JNikrmj8Ze+IsYuZprXJKzLRkL2DnbdNW91BudibPJo0DeLiyXGA8pw2IGCllfkp
-a6ZtxalPJWJLAbiOmXzui/HJ2Md1tnSDGfKCZ6MiaQQ0ceKoqOhPP7d3Vtcc5uQk
-zSYQu6SqKmCrjicnu+hWKAT9Iy21wvBCLJkYMit/Bzue7NRV+PwYLdD24ZXwKfny
-P9I33gcxEMIeG6L042NVUY1vsySYrcXRsXyIvYvd2CH1FqQY1GPTcUEQbQH21v5z
-/PtgYv/UCckRJvEJUDE8DCF168FnflVB1ZHLmFNCrcLlrSKwydmuzNIUtCJPd2Vu
-IEphY29ic29uIDxkZXJzcGlueUBnbWFpbC5jb20+iQE9BBMBCgAnBQJUyqInAhsD
-BQkB47d9BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFAjKZHxDf/Q5+8H/2kX
-yOTkDbO2Ik6oH149341k8GiLPiMMSj0WS8OBquBc3Hi+Upr2jOvl5KljkPU3qshb
-O2ry6yLWFC38C3PjIRdBYpUfoUVKAoVRaTUMuO7RGgZuMzQFajMM+dcDZxRsfFoW
-aInjFDxlwqFwF+AAvT9rsK/3t/MF9WdM6B+XhEsApY0zu6xdT8eXM08y3iVoYHbD
-hVs1/czc3qBhG3IJGI1N7dU+fHDpdQSYf8zCifgLGridPQDkqAeLQE6QtoIw/r+I
-NeYuCnl+zrGdlF7yyWlQUGulGUF4XRDt50WIIzAhtrCeVwdV5/EkGmXyA17KU3EP
-KrBWUu00itxZyKljSIqJARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKhmNggAlyWL
-vhQdffZpuhL0Wd7Kyz8hB0WxXABQr03WCwtzCY5d+SwvjpI7RvHVRxOLcz6CISXT
-DTVVQXzcYXyENSQSxqiRUEaOl4dlnGXQx/h6KVQ4akBu/hLo/nz5vfiN0YPqa98G
-tT2J1SL0wRX6w6KtMqONmThKoiVYpbl39vjf4PvGzmptUvMSFlq7xHUQ0KGyfya9
-ZdLOZwqmhonwIdL8MIXAZqFpIXaP9az8IX9ecr9Kq02U7P9hNlrM9G8QiSdCEfss
-JS3YPQRso0NjEFdKIyTKwl+hWYyvMJqtRyM6XIi8gbUSIu5GvqZqMkRN8beiRcfg
-2glvXeccQtoLeK7NF7kBDQRTlhJYAQgA16Y1Y1+c7RmV5cpPRr8kn7kp8ecsow6Y
-5A2IFN6kx+cNrkzH0TbEswLTwUQEmYEJfNmBwEy3LJER4IV5MRMZmEwdbwAu/2k7
-DolcNvfeIhbQtWtNq9EuI5meEeQTFf5Lpo4OqcCyPtMy7jE+1bs0f415SMuRZgWE
-btecQNst8BNSV73CGNtatIa535hN2RN4IjiujOs5iDR7U2KNeEe0xfBxOG3JKqJD
-Q9JAKWGE9qY4ZiGQjX9YC/4QOwT+jZQZJHZgL86Sdq07x/d9QA2r6ZGK4kpu1zEf
-ABO+oMUSG+7M5Rqdgf5QOlNEbRT/PocAH4NIbg5JW+VNqgd9n8E+/QARAQABiQEf
-BBgBCgAJAhsMBQJUq17dAAoJEFAjKZHxDf/Q7CIH/2WmlrHQKycRSoLTjav6PXWq
-7Zt2XyvVa+TbgXy/xtvUYhRJLlVSNM8Fux6xnW5ndwwoV41yYKLTdTOkZD3GF8GB
-k01xwThp5T+Xex9jzo97UdMnIrBc8uQSM3LUdH/aivQLQW2cElTQ1EiGA+ytMpHG
-kCbMHm0ZL0ATSuYEJB8ngTl3a3nCUXNH3eDAYaSwCAxtR/97E/VbT8VRdIIuwj74
-+8mQwbK0xMJwk3rX3DU5KA7KeRXxrV/pvrrMJpVEVzviHYCdRpna2OEFx7fGTSEv
-5TR10QF6ZmN/hqnihFFDzFM9lOhaAfB1/u7WgYK+KzCTQETvdxYIccjQvryc4E4=
-=EdOy
------END PGP PUBLIC KEY BLOCK-----
-
-
- - - -
-
- - -comments powered by Disqus -
- - - - - -
- - \ No newline at end of file diff --git a/.html/gpg/terrible.html b/.html/gpg/terrible.html deleted file mode 100644 index 59f4afb..0000000 --- a/.html/gpg/terrible.html +++ /dev/null @@ -1,198 +0,0 @@ - - - - - The Codex » - GPG Is Terrible - - - - - - - - -
- - - - - -
-

GPG Is Terrible

-

A discussion at work reminded me that I hadn't looked at the state of the art -for email and communications security in a while. Turns out the options -haven't changed much: S/MIME, which relies on x.509 PKI and is therefore -unusable unless you want to pay for a certificate from someone with lots of -incentives to screw you, or GPG.

-

S/MIME in the wild is a total non-starter. GPG, on the other hand, is merely -really, really bad.

-

(You may want to take this with a side of the other perspective.)

-

Body Security And Nothing Else

-

GPG encrypts and signs email message bodies. That's it, that's all it does -when integrated with email. Email messages contain lots of other useful, -potentially sensitive data: the subject line, for example. GPG still exposes -all of the headers for the world to see, and conversely does nothing to -detect or prevent header tampering by idiot mailers.

-

(Yes. Signed headers would mean that mailing lists can no longer inject -[listname] crud into your messages. Feature, not bug; we should be, and in -many cases already are, storing that in a header of its own, not littering -the subject line. We also need to keep improving mail tooling, to better -handle those headers.)

-

In return for doing about half of its One Job, GPG demands a lot from its -users.

-

The Real Name Policy

-

The GPG community has a massive “legal names” fixation. Widespread GPG -documentation, -and years of community inertia, stand behind expecting people to put their -legal name in their GPG key, and conversely expecting people to verify the -identity in a GPG key (generally by checking government ID) before signing it.

-

As the #nymwars folks can tell -you, this policy is harmful and limiting. There are good theoretical reasons -to validate an identity before using its keys to secure messages, but legal -identities can be anywhere from awkward to dangerous to use.

-

GPG does not technically restrict users from creating autonymous keys, but -the community at large discourages their use unless they can be traced back -to some legal identity. Autonyms keys tend to go unsigned by any other key, -cutting them off from the GPG trust network's validation effect.

-

As @wlonk put it:

-
-

I care about communicating with the coherent theory of mind behind @so-and-so.

-
-

Issuing Identities

-

GPG makes issuing new identities simultaneously too easy and too hard for users. -It's hard, because the only way to issue a new identity on an existing key -(and thus associated with and able to share correspondence with an existing -identity) requires that the user have access to their personal root key. There's -no way to create ad-hoc identities and bind them after the fact, making it hard -to implement opportunistic tools. (OTR's on-demand key generation fails to the -opposite extreme.) It's easy, because there's no mechanism beyond the web of -trust itself to vet newly-created keys or identities; the GPG community -compounds this by demanding that everyone carefully vet legal identities, making -it very time-consuming to deploy a new name.

-

Finding Paul Revere

-

It turns out autonymity in GPG would be pretty fragile even if GPG's user -community didn't insist on puncturing it at every opportunity, since GPG -irrevocably publishes the social graph of its users to every keyserver they -use. You don't even have to publish it yourself; anyone who has a copy of -your public key can upload a copy for you, revealing to the world the -identities of everyone who knows you well enough to sign your key, and when -they signed it.

-

A lot of people can be meaningfully identified by that information alone, -even without publishing their personal identity.

-

The Web Of Vulnerable CAs

-

Each GPG user is also a unilateral signing authority. GPG's trust model means -that a compromised key can be used to confer validity onto any other key, -compromising potentially many other users by causing them to trust -illegitimate keys. GPG assumes everyone will be constantly on watch for -unusual signing activity, and perfectly aware of the safety of their own keys -at all times.

-

Given that the GPG signature graph is largely public, it should be possible to -moderate signatures using clique analysis, limiting the impact of a trusted -party who signs inauthentic identities. Unfortunately, GPG makes it challenging -to implement this by providing almost no support for iteratively deepening the -local keyring by downloading signers' keys as needed.

-

Interoperability

-

Sending a GPG-signed message to a non-GPG-using normal human being is a great -way to confuse the hell out of them. You have two options:

-
    -
  • In-band “cleartext” signing, which litters the email body with technical - noise, or
  • -
  • PGP/MIME, which delivers a meaningless-looking “signature.asc” attachment.
  • -
-

In both cases, the recipient is left with a bunch of information they (a) -can't use and (b) can't hide or remove. It might as well say “virus.dat” for -all the meaning it conveys.

-

Some of this is not GPG's fault, exactly, but after over a decade, surely -either advocacy or compromise with major mail vendors should have been -possible.

-

(Accidentally sending an encrypted email to a non-GPG-using recipient is, -thankfully, hard enough to be irrelevant unless someone is actively spoofing -their identity.)

-

Webmail Need Not Apply

-

Well, unless you want to write the message text in an editor, copy and paste -it into GPG, and copy and paste the encrypted blob back out into your -message. (Hope your webmail's online editor doesn't mangle dashes or quotes -for you!)

-

Apparently Google's finally fixing that for Chrome -users, so that's something.

-

Mobile Need Not Apply

-

Safely distributing GPG keys to mobile applications is more or less -impossible, and integration with mobile mail applications is nonexistant. -Hope you only ever read your mail from a Real Computer!

-

vollkorn points out that the above is inaccurate. He posted a couple of -options for GPG on Android, and the state of the art for iOS GPG apps is -apparently better than I was able to find. See his -comment for details.

-

Further Reading

- -
- - - -
-
- - -comments powered by Disqus -
- - - - - -
- - \ No newline at end of file -- cgit v1.2.3
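Review bot: .html/gpg/_list.html and .html/gpg/index.html are deleted with the same blob id (8f54701), which suggests both were build output committed next to their source rather than hand-written pages. If that is the case, add the .html/ directory to the repository's ignore file in this same change, so a later local build cannot quietly re-add the 799 lines removed here.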
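Review bot: In the .html/gpg/keys.html deletion, the page being removed is the one that publishes the fingerprint 77BD C4F1 6EFD 607E 85AA B639 5023 2991 F10D FFD0 together with the matching public key block, and the commit message says only that Dokku is no longer used, not where this page is served from afterwards. Before merging, confirm that the source this HTML was rendered from is still in the repository and that the replacement deployment publishes the same fingerprint at the same URL, so that someone checking the key against the site does not find a missing page or a stale copy. One sentence in the commit message naming the new build or hosting path would settle it.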
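Review bot: In .html/gpg/terrible.html, the "Mobile Need Not Apply" section corrects itself only by pointing at vollkorn's comment ("See his comment for details"), and the page footer shows the comments are hosted by Disqus. Disqus attaches a thread to a page identifier or URL, so check that whatever replaces this HTML keeps the same page URL. Otherwise the correction the text relies on no longer appears under the article, and the paragraph it corrects is left standing on its own.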