On Mon, Jun 11, 2018 at 8:20 AM, Andre Heinecke <firstname.lastname@example.org>
wrote: > Hi,
> On Saturday, June 9, 2018 2:51:23 PM CEST Dashamir Hoxha wrote:
> > I don't know what is WKD, and Keybase as far as I know is centralized, it
> > is not distributed.
> WKD is the Web Key Directory  so that you can do with recent
> versions of
> GnuPG a:
> "gpg --locate-key email@example.com"
> Which then gets the key from intevation.de without a keyserver and
> without a
> walkable directory.
This seems interesting. I will look at WKD closer.
Any P2P solution for sharing keys would be better than keyservers, in my
> As for other projects maybe some ideas:
> - A look at the trustmodels of OpenPGP with maybe ideas how to improve
> them or
> their usage.
> - Usability studies of OpenPGP MUA's and comments / improvements about
> (Why Johnny still still can't encrypt) Here with the focus on concrete
> suggestions what to imrpove.
> - Private key sync between multiple devices.
> - Private key backup that is understandable to users who generally only
> recoverable passwords as secret.
These ideas seem interesting too. I have been thinking myself about how to
GnuPG more easy and more accessible to people, so that it becomes a part
of normal everyday life. For example nowadays even very old people and very
young children have learned to use smartphones as a part of their everyday
Who would have thought this a few years ago (myself I have started to use
a smartphone almost a year ago).
Can we make GnuPG part of the everyday life?
A few months ago I applied for PhD to a university with a research project
but I was not accepted. Maybe I applied to the wrong university. I will
append a copy
of the project idea at the end of this message.
Recently I have learned that people interested on Privacy Enhanced
have a special mailing list where they post announcements about conferences,
PhD positions, jobs etc. that are related to this topic. I don't know if
there is any similar
mailing list about the PGP/GPG topics.
--------------- project idea about making gnupg more popular
I have been interested on digital signatures, as an essential tool for
enabling and supporting the
digital identity and establishing a secure relationship between the people
on the real world and digital
documents. This is crucial for creating trust and security on the digital
world and for building a digital
Without digital signatures we cannot be sure that digital documents are
original and we cannot be sure
about their real author (they can be corrupted and manipulated). Without
these guaranties, digital
documents can never be considered official. So, despite using computers,
digital systems and digital
documents, we always have to rely on the hard copies of the documents and
keep them around for official
purposes, since we can’t fully trust the digital documents. This means that
we will never be able to build
totally digital systems for institutions and organizations, free from
papers and hard-copy documents.
I have also written an article that discusses and summarizes these issues,
makes a comparison between
the two authentication models, X.509 and OpenPGP, and makes a few proposals
for solving existing
issues: The Digital Signature and the X.509/OpenPGP Authentication Models https://www.researchgate.net/publication/317176950_The_Digital_Signature_and_the_X509OpenPGP_Authentication_Models
The technology and tools for making digital signatures have been available
since a long time. The legal
framework for recognizing digitally signed documents as valid for official
purposes does exist since many
years. However we still don't see a widespread usage of digital signatures
on everyday life. For example
very few people use digital signatures to secure their email
communications. It is even less used while
exchanging digital documents between businesses, organizations, or with
There are clearly some problems that prevent the adaptation of the digital
signature technology on the
everyday life. Some of these problems may be:
- The existing tools for making digital signatures are not enough
user-friendly to be used by common
- The existing infrastructure that supports digital identities and their
verification/validation is not
adequate to support the everyday life use-cases.
- There is a lack of literacy about the digital signature and the available
tools, and people don't really
know why or how to use them.
I have been interested for a long time about these issues and how to solve
them. In the past years I have
even developed a tool, called EasyGPG, which tries to solve the first issue
mentioned above (making tools
easy to use). It is a set of shell scripts that wrap GnuPG and try to make
it more accessible and easy to
If I get the chance to do my doctoral studies on your university, my
objective would be
to study and try to find adequate solutions for these problems.
More specifically, I will study in more details any existing tools that
help to ensure security and trust on the
digital world, including asymmetric cryptography, digital signature tools
and infrastructures, blockchain
Then I will try to design a system that applies these tools and
technologies to solve a real world
problem. For example, it can be a digitized notary office, which allows the
notary to legalize a digital
document by signing it with his digital signature. It can also help his
clients to sign a digital contract with
their digital signatures, which then can be stamped and legalized by the
notary through his digital
signature. The notary himself can also help his clients to create their
digital certificates (with which they
can sign their digital documents), and he can check, verify, and sign these
digital certificates. Since the
notary is a public, well known, and trusted person, the digital
certificates verified and signed by him
can also be trusted by other parties (institutions, partners, other
I will also try to build a working prototype or a first version of this
software. And of course I will try to make
it as easy as possible, both for the notaries and for the clients, so that
they find its usage intuitive and
natural. In the long term, this may be the beginning of a start-up company,
because the software will need
to be maintained and improved, the notary offices may need training and
support, the infrastructure may
need maintenance, etc.
It seems to me that this is an innovative project, which helps to transfer
advanced technologies to the real
world domain, where they can be accessible and available to everybody on
their normal everyday life. If it
succeeds, it may have a fundamental impact on the society and build a
bridge to a fully digitized society.
----------- end of project idea ----------------------