Are we doing any GPG/PGP signing parties?

Jonathan Duncan jonathan at bluesunhosting.com
Fri Nov 6 10:37:19 MST 2015


On Fri, Nov 6, 2015 at 10:33 AM, Lonnie Olson <lists at kittypee.com> wrote:

> On Fri, Nov 6, 2015 at 9:42 AM, Jonathan Duncan
> <jonathan at bluesunhosting.com> wrote:
> > As I mentioned earlier I sign and pass messages these
> > days with keybase.io (using GPG) or sharelock.io.
>
> Interesting, I haven't heard of sharelock.io before.  It's quite
> interesting, but since the key is held by the website instead of the
> recipient, the message can be intercepted and read by the sharelock.io
> operators, or anyone that can successfully intercept the SSL
> transaction between recipient and sharelock.io (Corporate SSL
> Inspection).
>
> PGP (including keybase.io) on the other hand uses proper keys held by
> sender/recipient.  So I guess your choice depends on the sensitivity
> of the message and/or the ability of the recipient to use proper keys.
>
> Indeed, of the two, keybase is definitely more secure. Sharelock has
almost no barrier to entry, which makes it a good first step for
encouraging people to start using crypto, if, as you say, we can actually
trust Sharelock employees. :)


More information about the PLUG mailing list