PGP.ASC: DECENTRALIZING AND STANDARDIZING PGP KEY STORAGE
--

I recently came across a new project which aims to standardize how we get hold of PGP keys, decentralizing the process and adding alternatives to centrally controlled keyservers. It's called pgp.asc [http://pgpasc.org] and it was created by developer Max Stoiber.

The basic idea is that people who have websites can generate their own PGP keys and then place their pulic key as a file called pgp.asc in their root folder (e.g.http://domain.com/pgp.asc). That's it! It may sound incredibly simple - and it is - but I think it adds a pretty cool way to decentralize how we obtain keys. It's not 100% foolproof, but this is just a start. It adds an easy way (especially for beginners) to get into the world of mail encryption and provides a standard way to find keys. Of course there is a chicken and egg problem with new initiatives like this, but I hope this one gets off the ground and becomes widely used.

Here's a short interview with Max, where I asked him about the project and what he thinks about the importance of PGP.

THE INTERVIEW

[N-] What made you come up with the idea for pgp.asc?

[MS] It was a mixture of learning more and more about PGP and starting to use it, and absolutely loving the humans.txt initiative. Combine those two, and you have pgp.asc!

[N-] Have you had many people using it so far?

[MS] As you can see in our Hall of Fame [http://pgpasc.org/halloffame.html] there is 12 people in there, but I am pretty sure the actual number is much higher.

[N-] Why do you think it's important for people to use PGP encryption?

[MS] A nice metaphor is, that PGP is basically envelopes for digital mail. Nobody sends physical mail without an envelope, nobody should read it except the recipient. That's exactly what PGP does, but it's more of a Fort Knox than an envelope.

[N-] How do you feel about the apathy from the public about privacy in general? How do you think we can persuade others that using PGP is a good for them?

[MS] I think it's mostly the tools, which are absolutely horrendous to use. I read a quote somewhere which I think sums it up quite well:

Security people should start hanging out with Usability people.

[N-] I totally agree. For those who haven't set up their own pgp key, what's the easiest way you've found to do it?

[MS] I've just finished our basic PGP Guide for beginners, which should be on the website soon! You can find the current version right here: [https://github.com/mstoiber/pgp.asc/issues/5]

[N-] Are there any future developments youre thinking of adding to the project?

[MS] We are just getting started, I have a very long roadmap. Right now the focus is making a nice website and getting the copy perfect, while simultaneously building a nice backend for the Hall of Fame. (We need designers/copywriters! Are you interested in encryption and want to help? Come and join the discussion at [https://github.com/mstoiber/pgp.asc]!)

I then plan on adding a big "Beginners Section" for people who have never heard of PGP before, and then maybe even an advanced section, with tutorials about more elaborate ways to distribute your key. (E.g. Namecoin, Keybase, DNS,…) I'd also really like a page that focusses on the surrounding elements, e.g. your network, your PC,… (Basically what Curtis Wallens PGP Guide touches on: [http://curtiswallen.com/pgp])

[N-] Where can people go to find out more info on the project?

[MS] Currently, most of the information and discussion is on Github: [https://github.com/mstoiber/pgp.asc]

[N-] Thanks for taking the time Max. I think all of you should go to the Github link above and also check out [http://pgpasc.org] and start using the new standard today! Let's help get this initiative off the ground.

--
BY NODE