Digital contract signatures [ non-linux topic, nerd topic ]
Pavel Zaitsev
pavel-XHBUQMKE58M at public.gmane.org
Fri May 4 22:07:09 UTC 2007
Sheldon Mustard(smustard-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org)@Fri, May 04, 2007 at 05:16:23PM -0400:
> On an unrelated note, I have been wondering for a while now why the
> supergeeks at google don't integrate gnupg into gmail? Anyone have any idea
> ... seems like a no brainer to me.
Because then google will own the key to your identity. While gpg is being used for generic encryption, if your key is signed by many people, any individual owning such a key can pose as you. It is sort of like giving google your passport when they will install in-airport email password indentity verification service. I won't be comfortable anyone besides me having my passport. While cryptographic identity isn't as popular now, with years to come, people will realise that current identification mechanism is superficial and carries, little secuirty value. And as identity theft is one the rise, with laughable punishment, reward is high for very little effort.
So in general things I encrypt, I don't want anyone to read, except the intended audience. Having google access to my private key and password on invalidates, what the crypto is for. And in return, places burden of keeping my sensitive secrets on people and processes at google.
However, if you'd be able to clearly delete account at google, without them keeping your information. It would be of added value, for them to generated account bound gpg-keys, that isn't signed by anyone and used for sole purpose of encrypting mail text. The key can be stored for temprorary amount of time, and if account is deleted, so will the key.
Regards,
Pavel
--
Create like God. Command like a King. Work like a Slave.
http://arslogic.com | http://arslogic.com/resume.pdf
direct: 416-564-5255 | fax: 416-596-0128
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://gtalug.org/pipermail/legacy/attachments/20070504/f306b7fa/attachment.sig>
More information about the Legacy
mailing list