My words of wisdom for today
The incredibly tragic belated lesson of public key cryptography is this: Trust means trust. There is no shortcut and no substitute for it; if you trust someone, you are really trusting someone. If the person you trusted is abusive, you are really subject to the consequences. If you don't have a reason to trust someone or something, software cannot provide one.[...]
In the blurbs for PGP, it used to say "Communicate securely with people you have never met!", which was the amazing technical achievement of public-key crypto. However, it should have added "Still have absolutely no idea whether they are who they say they are, or whether you should trust them!".
(on peacefire-technical)
(Speaking of that, my GPG key is on Drew Steib's keyserver (although I didn't put it there!). Do you trust that key? As a great cryptographer once said, "Why?".)
I spent a long time talking about PKI and I think I now understand it well enough to substantiate my claim that it's "incredibly tragic". See also Carl Ellison's padlock page and the 10 Risks of PKI.