What a day. I got stuck in a rainstorm unexpectedly, and the notebook I was
carrying got badly wet. Waterfast ink pens :-). But about GPG! I wanted to use
it for an email today, and didn't have a valid key, having not bothered with it
since moving to OpenBSD, since no one I know in real life uses it (and they are
in fact actively stymied by it).

I have vacillated about GPG before, disliking how complicated the RFCs are, and I
worry that it's both overwrought and too specific, and temporal in the sense
that it is not clear to me how long some of the security norms will last. And
the high level wrapper for gpgme moved from Common Lisp to Python after
SBCL 1.4, and even digging through the current state of it a few months ago I
wasn't overwhelmed with either the apparent architecture or particular
substance of what I was seeing. Then surely I should roll my own... What,
exactly? RFC 4880? But the value of GPG is that everyone is speaking the same
language, vis-à-vis signing and encrypting. The temptation is strong to just
generally use symmetric key cryptography where, when and how I want it and just
package it with software if I want that. But then I'm reimplementing secure
protocols, and that's a big responsibility. I guess, when in Rome after all.