Adam Bolte
Since I imagine a lot of people interested in free software would also be big on privacy, I would like to know what other people here think of the idea of leaving GPG encryption on by default. Does anyone practise it? Is there any good reason why we shouldn't?
I think it's a good idea: opportunistic encryption (when I'm sending a point-to-point message, e.g. email, and if it appears I can encrypt that message such that the other end can decrypt it, I should go ahead and do it without checking further) is a way to increase awareness of and proficiency with encryption. What stops me, frequently, is key management. I am often sending messages (such as this one) composed and sent from a remote server which I share with several other people. I think it'd be poor security to have my GPG secret key stored there, where others with only a loose trust relationship have access to crack it if they choose. -- \ “When cryptography is outlawed, bayl bhgynjf jvyy unir | `\ cevinpl.” —Anonymous | _o__) | Ben Finney