Slashdot Mirror
Wikileaks Sidesteps Publishing Public PGP Key
An anonymous reader writes "Repeated requests toward the Wikileaks staff regarding their use of PGP have gone unanswered. The current public PGP key posted has been expired since November 2nd, 2007. A response on their PGP talk page notes that the 'SSL based mail submission system' will be the secure online method of document submission. At the current time, there is no method to safely encrypt any postal communications with Wikileaks or verify that any given communication actually originated from a Wikileaks staff member."
Doubtless there are some complicating factors here -- but what is the best way to keep a confidentiality-centric site like Wikileaks trustworthy?
The thing is, there is no point to PGP/GPG these days. S/MIME and SSL are real standards and integrated with practically every browser and e-mail package out there.
PGP was and still is just a hack.
The private key you mean?
If you mean the public key, that proves nothing, if you mean the private key, anyone who uses it in the future can attribute documents to you. I know 3am PBS isn't popular, but I still wouldn't broadcast it.
Expiration of PGP keys is a feature and does not prevent the key from being used in the future (although it should not be considered secure if used after the expiration date). The purpose is to prevent the impact of a compromised key by limiting its validity period.
Expiry can also be useful in the event that a private key is lost. Revocation of a public key requires access to the private keys.
Here you go.
Centralization breaks the internet.
So enable IMAP and SMTP support in Google Mail and use a PGP-equipped client.