Public
- Public
- Groups
- Recent tags
- Popular
- Directory

Conversation:

Notices

Joshua Judson Rosen (rozzin)'s status on Tuesday, 22-Mar-2016 23:17:35 EDT Joshua Judson Rosen

Met a bunch of awesome people at #lp2016. And few... #interesting ones. Like the one who refused to sign my #PGP key because she thought I was a government spook... because I claimed to be from #NH but "didn't know that *every* FreeStater is (obviously) #crypto savvy enough to sign PGP keys... since most of them use #bitcoin as their only currency... so they can remain anonymous". #wtf #notevenwrong

Tuesday, 22-Mar-2016 23:17:35 EDT from web permalink
- windigo and MMN-o ✅⃠ like this.
- Joshua Judson Rosen (rozzin)'s status on Wednesday, 23-Mar-2016 19:06:10 EDT Joshua Judson Rosen
  
  I do wonder if there was at least any cogence in the "I don't sign spooks' keys" thought: maybe she thought that, as a G-man, I'd have the resources+will to compromise someone else's e-mail and impersonate them?
  
  Wednesday, 23-Mar-2016 19:06:10 EDT permalink
- Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 09:59:11 EDT Joshua Judson Rosen
  
  ... or maybe she thought that "Joshua Judson Rosen" might be a #codename shared by / recycled across multiple people? Like "James Bond"?
  
  Thursday, 24-Mar-2016 09:59:11 EDT permalink
- Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 10:15:25 EDT Joshua Judson Rosen
  
  I'm confused by the "only certify the identity of goodguys, never of badguys" mentality; don't we WANT #badguys to be reliably recognizable?
  
  Thursday, 24-Mar-2016 10:15:25 EDT permalink
- MMN-o ✅⃠ (mmn)'s status on Thursday, 24-Mar-2016 10:51:51 EDT MMN-o ✅⃠
  Remote profile options...
  - Joshua Judson Rosen
  @rozzin Yeah, if we just change the baseline to certified, encrypted domains, we won't need any terminology as today about "secure connections", meaning we can shift that to mean "not evil" instead.
  
  The certification method should of course be configurable from CAs to whatever, since today's PKI is far from secure anyway.
  
  Thursday, 24-Mar-2016 10:51:51 EDT permalink
  
  Joshua Judson Rosen likes this.
- windigo (windigo)'s status on Thursday, 24-Mar-2016 13:18:40 EDT windigo
  Remote profile options...
  - Joshua Judson Rosen
  @rozzin If bad guys get thrown into the web of trust, it allows them to sign other bad guys' impostor keys. :)
  
  Thursday, 24-Mar-2016 13:18:40 EDT permalink
  
  Joshua Judson Rosen repeated this.
- Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 14:53:28 EDT Joshua Judson Rosen
  - windigo
  @windigo, I guess that's why ID-certification and trust are two separate things in #PGP, "sign" and "tsign" are separate commands in #GnuPG, and nobody uses "tsign" ;)
  
  Thursday, 24-Mar-2016 14:53:28 EDT permalink
- Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 18:30:48 EDT Joshua Judson Rosen
  - windigo
  As the #GnuPG manual says, bundling #trust into #keysigning "is generally only useful in distinct communities or groups": https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html
  
  Thursday, 24-Mar-2016 18:30:48 EDT permalink
- windigo (windigo)'s status on Friday, 25-Mar-2016 14:52:45 EDT windigo
  Remote profile options...
  - Joshua Judson Rosen
  @rozzin Ahh, then I misunderstood - I agree, it shouldn't really make any difference who you sign, as long as their identity is clear.
  
  Friday, 25-Mar-2016 14:52:45 EDT permalink
- Joshua Judson Rosen (rozzin)'s status on Sunday, 21-May-2017 15:16:27 EDT Joshua Judson Rosen
  - Today I Learned...
  Wow: !TIL that #keybase was founded on a fundamental misunderstanding about how the #PGP / #GnuPG #weboftrust works: http://web.archive.org/web/20141027135352/https://keybase.io/docs/tracking https://lists.gnupg.org/pipermail/gnupg-users/2014-December/051939.html https://www.linux.com/blog/pgp-web-trust-delegated-trust-and-keyservers
  
  Sunday, 21-May-2017 15:16:27 EDT permalink
  
  maiyannah likes this.

Feeds