Quote from: Imaginarytailus13 on July 17, 2012, 07:00 amQuote from: LouisCyphre on July 17, 2012, 03:18 amQuote from: om on July 17, 2012, 02:16 amI'm still not convinced it's worth the effort.It's your life and your choice, but I do hope you don't become a vendor.Yup, no one sane will trust a non-PGP vendor. There`s a reason the SR wiki points it out and explains it in detail. 'You should be using PGP for all communications to sellers who specify it in their profile pages (basically all of them). Optionally, you can also PGP your name and address when placing an order for a product.' as stated in the wiki.I'd go further. I wouldn't trust a vendor that used a key with less than 2048-bit strength, that uses old-style key structure (signing and encrypting included in the master key with no subkeys), only supported SHA1 hashes and only used symmetric ciphers that predated AES. I also wouldn't trust anyone using BCPG (which includes everyone using IGolder) and Portable PGP 1.0.6 and earlier (I'm not yet sure about 1.0.7, but it is built with Java so being able to exploit the Java VM means being able to compromise the whole program).Oh, I also wouldn't trust any vendor stupid enough to post their secret key on their vendor page (I have seen this).