Re: GPG
- From: Allen Kistler <ackistler@xxxxxxxxx>
- Date: Thu, 13 Nov 2008 19:26:11 -0600
Doug Laidlaw wrote:
> I have never believed in "Don't ask questions; just follow the crowd."
> Accepting "the crowd" has given me a disk bloated with drivers that I will
> never use, and locales that I will never use, with no better justification
> than the famous "Because they are there!"
>
> I am still wondering if I need GPG at all. About the only scenario I can
> see where it is worth the trouble is emailing credit card details. If such
> an email is signed with GPG, is it protected during transit? It is in no
> way protected upon arrival.
Several points:
The only thing signing your payment card info does is assure the recipient that you and only you sent it, assuming the recipient uses GPG or PGP and has your public key.
Signing your payment card info does not in any way "protect" it from interception.
To protect the info in transit, you need the recipient's public key and you need to use it to encrypt the data to him (and maybe to yourself so you can read what you sent).
If you use a reliable method to transport information confidentially to someone who's careless with the info after he gets it, then you should make sure that he's contractually liable for negligence on his part. If you can enforce no such liability on someone who's known to be negligent, why are you sending him confidential information? That's not a technical problem, and it's not going to have a technical solution.
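
The difference between signing and encrypting described in the reply above, as an added example that is not part of the original message. It assumes GnuPG 2.2 or newer and uses a throwaway keyring; the addresses, the card number and the helper names (`G`, `make_keys`, `signed_text`, `encrypted_text`, `exposes_card`) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: sign-only vs. encrypt, using throwaway keys in a temp keyring.
# Assumes GnuPG 2.2+; addresses and card number below are constructed.
set -eu
export GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

SENDER='sender@example.invalid'
RECIPIENT='merchant@example.invalid'
MSG='card 4111 1111 1111 1111 exp 01/30'

# Hypothetical wrapper: non-interactive gpg with unprotected demo keys.
G() { gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }

make_keys() {
  local uid
  for uid in "$SENDER" "$RECIPIENT"; do
    G --quick-generate-key "$uid" default default never 2>/dev/null
  done
}

# Signature only: proves who sent it; the body stays readable to anyone.
signed_text() { printf '%s\n' "$MSG" | G --local-user "$SENDER" --clearsign; }

# Signed and encrypted to the recipient's key, plus our own key so we can
# still read what we sent.
encrypted_text() {
  printf '%s\n' "$MSG" | G --armor --local-user "$SENDER" --sign --encrypt \
    --recipient "$RECIPIENT" --recipient "$SENDER"
}

# True when the card number is visible in the text on stdin.
exposes_card() { grep -qF '4111 1111 1111 1111'; }

make_keys
if signed_text | exposes_card; then echo "signed only: card number readable in transit"; fi
if ! encrypted_text | exposes_card; then echo "encrypted: card number hidden in transit"; fi
encrypted_text | G --decrypt 2>/dev/null   # a key holder recovers the message
```
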