bye bye ViaCode

[David Hansen]

On 10 Jun 2002 at 9:49, Pete Chown wrote:

> > You have met our central (key) management?
> 
> I suppose if it's incompetent, that's a reason to do your own!

That's a reason, but only a minor one.

The major reason is that people should be responsible for their own 
keys. Only a fool or ignorant person would trust a key produced for 
them by some centralised IT organisation that is not accountable to 
them in any meaningful way. How does Dr X know that the keys are not 
being leaked to insurance companies, an organisation that views all 
dissenters as terrorists or whoever? It's difficult to intercept and 
copy paper notes, far easier to do this since the Labour Party were 
so stupid as to insist that an infrastructure to do this was put in 
place.

>  A better solution would be to fix the central system,

Your spelling checker seems to have turned abandon into fix for some 
reason:-)

> > I'd like to know that notes made and sent to me cannot be
> > repudiated, and that notes I send to someone else cannot be read
> > before they get there.
> 
> But surely you get that with a centralised key management
> architecture, and with a lot less work too.

Only if you trust the centralised system. Even then you don't know, 
you only hope, though the eminently sensible web of trust can have 
similar problems.

Web of trust works the way humans work. It is possible for this to go 
wrong, but it is a darned sight better than the sort of inhuman top 
down system  that some "experts" seek to force upon people. Next we 
will be offered Red Herring:-)


--
  David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
 I will *always* explain why I revoke a key, unless the UK 
 government prevents me using the RIP Act 2000.