@Dietrich T. Schmitz * Your Linux Advocate One problem would be getting ordinary users to to download, install and use GnuPG:
http://howto.cnet.com/8301-11310_39-10434684-285/want-really-secure-gmail-try-gpg-encryption/
"The bigger problem with encrypted mail is convincing others to install the software and use it. Until then, you'll be like the proverbial owner of the world's single fax machine: nice technology, but there's nothing you can do with it until someone else gets one.
Also, if someone within a web of trust can be socially-engineered, a miscreant can forge a fake web of trust. In this case, would most individuals perform the due diligence required to identify the fake web of trust? More here (see 'signatures and webs of trust do not guarantee trustable keys'):
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
And, finally, someone within a web of trust could have their PC or user account pwned. Thus, providing a miscreant with access to their private key. Would most users create a revocation certificate and choose to store it in a safe place? Would they know how to create a revocation certificate? And how to apply it?
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
