A Preposterous Preponderance of Prominent PGP Ponderings

[big_bad_al]

Let me start this out by killing any speculation this post might raise: no, this has nothing to do with work. I am not doing anything related to GMail right now, nor do I know anyone working on GMail. Anything I write here should in no way be affiliated with Google.

Having said that, here are my thoughts: after talking to sneaselcouth about it recently, I've

Comments

[inferno0069]

One issue would be that you're now planning to store the private key on Gmail's server, and send the password over the 'net to Gmail. This first requires people to trust Google quite a bit, and then a secure connection (probably easy/already there). Then, unfortunately, users will clamor for the password to be cached. Gmail could probably succeed at caching it for the lesser of the session or N minutes, but if others picked this up they'd be less secure. I am all for its support, but I'd expect tension as more people adopt its use.

I remember from when I was first learning about PGP that (at least in the MIT version I had then) you could easily assign a level of trust to people, so that you could sign a key to mean that yes, this is definitely Bob, but assign them 0 trust saying that Bob gets drunk at a lot of PGP parties and you don't trust his signatures.

Last I checked, my (public) PGP key is still stored here on LJ. Click the key icon near my name at the top of my profile. I can't remember how I got it there, though. I also can't remember or easily access my ID/fingerprint right now.

[big_bad_al]

I've always been a little hazy about ASCII-armored keys. Is that just the output of 'gpg --armor --export *myKeyID*'? Now that I have yours, what do I do with it?

In response to your issue, remember that the vast majority of users know absolutely nothing about computers. The average user trusts pretty much anyone with pretty much anything, particularly if they're upfront about what it is that they're doing and why it's a good idea. This is why spyware and phishing exist in the first place. Consequently, I think people wouldn't mind if Hotmail/etc had all their users' keys (and the users themselves didn't have these keys on their personal machines). It might not be the perfectly secure system that GPG was intended to be, but I think it'd be good enough for your grandmother to use. I'd say that anyone who uses webmail already trusts their webmail provider with everything a PGP key could influence, so the trust is already there. Caching could be tricky, but I'm not convinced it's that major a threat. You're also right about the levels of trust, and that could likely be used to alleviate the concerns of people who actualy use PGP correctly.

I guess a bigger concern is companies having keys with expiration dates: eBay would want their key to expire eventually, since there would be a lot of money in cracking that sucker and the phishers would try to do that ASAP. The trick would then become automating the bit where you get eBay's new key and remove their old one, so that their key could expire and no users would notice the switch to the new one.

[inferno0069]

I think you can just import it with 'cat keyfile | gpg --import', and probably then refresh it from the keyservers. Alternately, it can probably be found on the servers mac mentioned with cerickso@cs.hmc.edu. (I probably have an st.hmc.edu identity I should remove now.)