[spam][joke][cryptotragedy] checking signatures on boot media

Stefan Claas spam.trap.mailing.lists at gmail.com
Thu Nov 4 15:21:22 PDT 2021 

On Thu, Nov 4, 2021 at 10:51 PM Karl <gmkarl at gmail.com> wrote:

> whether or not they are online is orthogonal to whether or not they use wot and governikus.  wot works fine offline too, works fine with yubikey.
>
> I was surprised when you started saying things as strange as the things I say.  but it is much more pleasant to banter with you than the posters who say very mean things with every post.

Hi Karl,

this is a good (technical) thread about OpenPGP Wot or Governikus
usage, where many
more things can be discussed about these two.

I started using PGP when ITAR was still in place, regarding strong
crypto and used back
then an illegally exported version from the United States, so I think
I still have a good
overview of how PGP or better OpenPGP evolved over the decades.

Both the classic WoT (if carried out properly) and Governikus have
their use cases.

I already switched long ago to age and NaClbox (offline usage) because
I still remember
public key cryptography before PGP was invented and pub keys had no UID etc.

For me, personally, public key cryptography does not mean that I do
have to reveal
details, like my email address or name or according to many signatures with whom
I may have communicated. General Alexander once said "we do not look
for the needle
in the haystack, we take the whole haystack" ... See public OpenPGP
key servers as
a haystack. Public key cryptography also does not mean that the whole
world needs
to know that I use it (only with my personal friends).

What OpenPGP IMHO liked to solve is to use public key cryptography for
the masses,
where every Joe user average can communicate with strangers globally and somehow
knowing that person X is maybe person X, when using the classic WoT.

Question would be, do we really need this? For business purposes, I
would not need
this and for private use only also not much.

P.S. I suggest also in this regard to take a look, in case you have
Rust installed,
at sequoia-pgp, which also allows you to create a key pair without a UID, bit
AFAIK GnuPG can not handle such pub keys currently.

Regards
Stefan

More information about the cypherpunks mailing list