1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
<!DOCTYPE html>
<html>
<head>
<title>
The Codex »
GPG Is Pretty Cool
</title>
<link
rel='stylesheet'
type='text/css'
href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'>
<link
rel="stylesheet"
type="text/css"
href="../media/css/reset.css">
<link
rel="stylesheet"
type="text/css"
href="../media/css/grimoire.css">
</head>
<body>
<div id="shell">
<ol id="breadcrumbs">
<li class="crumb-0 not-last">
<a href="../">index</a>
</li>
<li class="crumb-1 not-last">
<a href="./">gpg</a>
</li>
<li class="crumb-2 last">
cool
</li>
</ol>
<div id="article">
<h1 id="gpg-is-pretty-cool">GPG Is Pretty Cool</h1>
<p>The GPG software suite is a pretty elegant cryptosystem. It provides:</p>
<ul>
<li>
<p>A standard, well-maintained set of tools for creating and storing keys, and
associating them with identities</p>
</li>
<li>
<p>A suite of reliable tools for encrypting, signing, decrypting, and
verifying data that can be easily assembled into any combination of
integrity checks, authenticity checks, and privacy management</p>
</li>
<li>
<p>A key distribution network that does not rely on hierarchal authority and
that can be bootstrapped from scratch quickly and easily</p>
</li>
</ul>
<p>While GPG <a href="terrible">sucks in a number of important ways</a>, it's also the best
tool we have right now for restoring privacy to private correspondance over
the internet.</p>
<h2 id="code-signing">Code Signing</h2>
<p>Pretty much every Linux distribution relies on GPG for code signing. Rather
than using GPG's web-of-trust model for key distribution, however, code
signing with GPG usually creates a hierarchal PKI so that the root keys can
be shipped with the operating system.</p>
<p>This works shockingly well, and support for GPG is extremely well integrated
into common package management systems such as apt and yum.</p>
<h2 id="source-control">Source Control</h2>
<p>Which is basically code signing, admittedly, but even Git's support for GPG
is basically great. Tools like Fossil embed it even deeper, and work quite
well.</p>
<h2 id="email">Email</h2>
<p>GPG's integration with email is surprisingly clever, follows a number of
long-standing best practices for extending email, and does a <em>very</em> good job
of providing some guarantees that make sense in a not-terribly-long-ago view
of email as a communications medium. In particular, if</p>
<ul>
<li>who you talk to is not a secret, and</li>
<li>what, broadly, you are talking about is not a secret, but</li>
<li>the specifics of the discussion <em>are</em> a secret, and</li>
<li>all participants are using GPG on their own mailers</li>
</ul>
<p>then GPG works brilliantly and modern GPG integration is very effective.</p>
<p>These assumptions pretty accurately reflect the majority of email use up
through the late 90s and early 2000s: technical or personal correspondence
between known acquaintences.</p>
<p>The internet has moved on from email for casual correspondence, but that
doesn't invalidate the elegance of GPG's integration for GPG users.</p>
<h2 id="distributed-verification">Distributed Verification</h2>
<p>Even though GPG's trust model has some serious privacy costs and concerns, it
works as a great proof of concept for CA-free identity management. That's
huge: centralized CAs have even more onerous costs and worse risks than GPG's
trust network, while offering less transparency to help offset those costs.</p>
<p>Others have written some pretty interesting things on how to improve GPG's
trust model and make it less succeptible to errors or key leaks by
small-to-middling numbers of participants. <a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">This
post</a>
to tor-talk last year is probably the most complete.</p>
</div>
<div id="comments">
<div id="disqus_thread"></div>
<script type="text/javascript">
/* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname
/* * * DON'T EDIT BELOW THIS LINE * * */
(function() {
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js';
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</div>
<div id="footer">
<p>
The Codex —
Powered by <a href="http://markdoc.org/">Markdoc</a>.
<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/cool.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/cool.md">history</a>).
</p>
</div>
</div>
</body>
</html>
|
