<!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
<div class="section-intro">
<h2><em>#4</em> Learn the Web of Trust</h2>
- <p>Email encryption is a powerful technology, but it has a weakness; it requires a way to verify that a person's public key is actually theirs. Otherwise, there would be no way to stop an attacker from making an email address with your friend's name, creating keys to go with it and impersonating your friend.</p>
+ <p>Email encryption is a powerful technology, but it has a weakness; it requires a way to verify that a person's public key is actually theirs. Otherwise, there would be no way to stop an attacker from making an email address with your friend's name, creating keys to go with it and impersonating your friend. That's why the free software programmers that developed email encryption created keysigning and the Web of Trust.</p>
- <p>That's why the programmers that developed email encryption created keysigning and the Web of Trust. When you sign someone's key, you are publicly saying that you trust that it does belong to them and not an impostor.</p>
+<p>When you sign someone's key, you are publicly saying that you trust that it does belong to them and not an impostor. People who use your public key can see the number of signatures it has. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is the constellation of all GnuPG users, connected to each other by chains of trust expressed through signatures, into a giant Web. The more signatures a key has, and the more signatures its signers' keys have, the more trustworthy that key is.</p>
-<p>People who use your public key can see the number of signatures it has. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is the constellation of GnuPG users, connected to each other by chains of trust expressed through signatures, into a giant Web. The more signatures a key has, and the more signatures its signers' keys have, the more trustworthy that key is.</p>
-
-<p>People's public keys are usually identified by their key ID, which is a short string of digits like 9G6E29F7. You may also see them referred to by their key fingerprint, which is a slightly longer string of digits often prefaced with 0x, like 0x2C1008316F3E89B7.</p>
+<p>People's public keys are usually identified by their key ID, which is a short string of 8 digits like 92AB3FF7 (for Adele's key). You can see your key ID on the right in OpenPGP → Key Management in your email program's menu.</p>
+<p>It's good practice to share your key ID, so that so that people can double-check that they have the correct key when they download yours from a keyserver. You may also see public keys referred to by their key fingerprint, which is a longer string of digits, like DD878C06E8C2BEDDD4A440D3E573346992AB3FF7. The key ID is just the last 8 digits of the fingerprint</p>
</div><!-- End .section-intro -->
<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
<div id="step-5d" class="step">
<div class="main">
- <h3>Make it part of your online identity</h3>
- <p>Start writing your key ID anywhere someone would see your email address. Add it to your email signature, so that anyone corresponding with you knows that they can donwload your public key and verify that it's the correct one. It's also good to post it on your media profile, blog, Website, or business card. (At the Free Software Foundation, we put ours on our <a href="https://fsf.org/about/staff">staff page</a>.)</p><p>We need to get our culture to the point that we feel like something is missing when we see an email address without a public key ID.</p>
+ <h3>Make your public key part of your online identity</h3>
+ <p> First add your key ID to your email signature, then compose an email to at least five of your friends, telling them you just set up GnuPG and mentioning your key ID. Link to this guide and ask them to join you. Don't forget that there's also an awesome <a href="infographic.html">infographic to share.</a></p>
+
+<p class="notes">Start writing your key ID anywhere someone would see your email address: your social media profiles, blog, Website, or business card. (At the Free Software Foundation, we put ours on our <a href="https://fsf.org/about/staff">staff page</a>.) We need to get our culture to the point that we feel like something is missing when we see an email address without a public key ID.</p>
</div><!-- End .main -->
</div><!-- End #step-5d .step-->
<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
<div id="step-more_technologies" class="step">
- <div class="main">
- <h3>Protect more of your digital life</h3>
+
+
+<div class="sidebar">
+ <p><a id="infographic" href="infographic.html"><img src="//static.fsf.org/nosvn/enc-dev0/img/infographic-button.png" alt="View & share our infographic →" /></a></p>
+ </div><!-- /.sidebar -->
+<div class="main">
+
+
+ <h3>Protect more of your digital life</h3>
+
<p>Learn surveillance-resistant technologies for instant messages, hard drive storage, online sharing and more at <a href="https://directory.fsf.org/wiki/Collection:Privacy_pack"> the Free Software Directory's Privacy Pack</a> and <a href="https://prism-break.org">prism-break.org</a>.</p>
</div><!-- End .main -->
</div><!-- End #step-more_technologies .step -->
projects / enc-live.git / blobdiff