[H-GEN] Key-signing at Humbug: Saturday, 1st March 2003

[Greg Black]

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

+0Ny BilbRough wrote (re-formatted for legibility and to fix the
top-posting):

| Greg Black wrote:
| > Harry Phillips wrote:
| > | Forgive my ingnorance but what is this for? What benefits can it provide?
| > A few seconds with google would have answered the question.
| > Failing that, you could start at the GnuPG site and follow the
| > documentation links there (especially the FAQ and stuff it
| > points to).  See:
| >     http://www.gnupg.org/
| 
| I'm afraid that I, as did Harry, wandered down those pages
| Greg suggests.  And came out the other side just as ignorant.
| Lacking Harry's courage to exhibit my stupidity, I asked
| Snowy.  I am now a little wiser about the aims, but not an
| awful lot.

OK, for those who are still finding this heavy going (and that
will be anybody who has not devoted many hours -- or days -- to
the study of the various aspects of encryption), here are some
specific references:

  1. Phil Zimmermann's essay "Why I Wrote PGP"
     http://www.philzimmermann.com/essays-WhyIWrotePGP.shtml

  2. The GnuPG Mini-Howto
     http://webber.dewinter.com/gnupg_howto/

  3. The GNU Privacy Handbook
     http://www.gnupg.org/gph/en/manual.html

If you want to know what this PGP/GnuPG thing is all about, you
will need -- at the very least -- to read those three documents
in full, and then you'll need time to reflect on the stuff you
found there.  If you can get hold of the O'Reilly book on PGP by
Simson Garfinkel, that is also a useful reference (although my
1994 edition is way out of date now).  See:
     http://www.oreilly.com/catalog/pgp/

Sadly, because it is a complex matter and because it doesn't fit
well with other things we tend to have learned, this encryption
stuff just takes time to assimilate.  But it is of great value,
even though you may not think you need it today.

| I have little paranoia, and even less need to hide my
| activities - as yet!  Harry, I just wanted to be a part of
| this signing because it seemed like fun.  But in all honesty I
| really do not understand the NEED for all of us to have gnupg.

We don't need it every day, but there are reasons to try to make
its use more widespread.  I think that it would be a really good
idea for Mark to arrange to either give an introductory talk
about it at the meeting or perhaps to setup a little panel to
discuss it and answer questions.  Maybe both.  Mark?

I could give lots of examples of its benefits, but I won't do
that just now -- for one thing, I'd really like to see people do
a bit of that reading first so that we have a baseline of at
least minimal understanding to work from.

| Unless its to dominate the market with an Open Source
| application, so keeping Redmond out?

Not at all.  The original PGP was free but is no longer free.
It was written first for the then current Microsoft platform
(one of the reasons it sucked so badly in many ways).  Phil
Zimmermann then sold out to various commercial interests (and I
can't tell that story because it was of no interest to me then
or now).  Subsequently, an open PGP standard was proposed and
various people got together to implement it under the GPL.  The
outcome was GnuPG (aka gpg).  It runs on Windows, Unix, Linux
and probably other platforms.

Greg

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/