RetroShare

Please do not attempt to reach me via RetroShare until further notice.

RetroShare is a mostly user-friendly peer-to-peer sharing network in which all communication is encrypted using GnuPG. It enables file sharing, chat, forums, and private messaging. The program no longer uses your normal GnuPG key data, and makes key-signing too casual—a public key is a form of identification, signing that key is a verification of that identification, and casual signing, such as RetroShare encourages, undermines the usefulness of that verification. So I would plead with anyone connecting to me via RetroShare to actually verify identities prior to signing keys; one way to do this is with a key-signing party. If I learn that someone I'm connected to is casually signing keys, I will lower the trust value I assign to their signatures (a GnuPG feature).

My GnuPG keys, information, and key-signing policies are here. You may connect to me on RetroShare as benfell@parts-unknown.org.

I have, on at least three attempts to set up RetroShare, encountered difficulty importing my existing keys. Most recently, it misidentified my key as a sign-only key, which I would never choose to generate. The program really seems to want to set up new weak (in my experience, 1024-bit, although I'm told this is now 2048-bit—which is minimal) keys rather than employ any existing infrastructure I already have set up. This makes RetroShare really rather ridiculous from my standpoint—clearly, its developers have focused on features rather than on getting basic stuff working correctly—and I am unlikely to explore this further for the foreseeable future.

Graton, June 23, 2012