1. 19

I don’t necessarily agree with the author, but I thought it could provoke interesting discussions.


  2. 18

    I really really dislike this article, PGP is very clearly designed for communications that are non-transactional and I really don’t think the author understands that. So I took the time to address (read as “get angry at”) each of these:

    1. This is totally user error and in his update it is supposedly software error. This has nothing to do with PGP itself.
    2. Duh, if you are going to verify something you sort of have to have some sort of idea about what format it’s in. I thought they were going to complain about ASN.1, which would be reasonable.
    3. The verification of who you are talking to is literally one of the main points of PGP… By nature you are going to be leaking metadata, this person seems to understand what being able to verify an identity means. Also what do they think keyservers are for. And why is he rambling about democracy.
    4. Again PGP is designed for environments where you can’t deal with active key exchange and handle transactions.
    5. Got to love the pandering of how “crypto could be broken!”, duh. If you are going to complain about standard cipher suites at least give an alternative that isn’t going to be, you can’t just claim that “someday it will be broken!”. Plus I don’t think anyone who was actually using pqCrypto didn’t realize that it could also have problems (https://blog.cr.yp.to/20140213-ideal.html), so what cryptosystems are they talking about? ECC doesn’t require expert mode in any of the stable versions I tested, they sort of had to y'know not throw new cipher suites around without testing them.
    6. Does this person not understand what a public key is?
    7. Trust has to be established somehow, I do think that this area is the one that needs the most improvement in PGP though so seems like a fair critique.
    8. PGP and OTR aren’t comparable. It was never designed for deniable authentication.
    9. Welcome to cryptography. (also “This is a problem with SSH and OTR more than with PGP”, so why is it here?)
    10. Should be “Group messaging ENCRYPTION is impractical”, I sure as shit can sign a message and send it to any amount of people I want.
    11. Client problem, not PGP’s.
    12. DNS, mail, and X509 problems, NOT PGP’s. I can do PGP messages over DHTs just fine, I know, I’ve done it.
    13. Fixed, this was a bad design fully agree.
    14. Huh? I seriously don’t get this.
    15. “I have a better alternative to email” - failed standard #13947

    This person seems to have a strange handle on PGP, like some aspects they seem fine on, but then they don’t understand fundamental design and cryptographic principles. Everything here is known. Like they even acknowledge that the article is more about SMTP or SMTP+PGP than just PGP, so why isn’t this titled “15 reasons not to start using PGP and SMTP together”. I see very little added here with a lot of really strange political rambling. I am in no way a PGP apologist and have my own qualms, but these seem to be the wrong ones.

    1. 10

      In addition to poptart, I’d like to add what I said to Moxie on his gripes against PGP/GPG: the NSA apparently can’t break gpg when used in a sane way. They gripe about it in the Snowden leaks. We know it works. So, my recommendation was to create the most secure-by-default setup of GPG with basic instructions for use plus better UI. For me, I just write stuff in text files with gibberish names that I encrypt with it and send with normal mail. Do key exchange in person or in some convoluted, hard-to-compromise-without-targeting way. If it’s some other kind of file, I zip it up in a bland way, encrypt that, and send it however.

      The fact that it’s proven to work against the mightiest of attackers plus easy to script means you should be using it by default. If you replace it, that replacement better have just as much going for it in terms of assurance. We’ll have to wait till the next Snowden to find out how these “better than PGP/GPG” solutions fare. I’m not waiting. Still on GPG.

      Note: There is something stronger that I’ve been aiding in the design on. That’s Ottela’s Tinfoil Chat. It still needs porting from Python reference to a secure, systems implementation. Secure coders in C, Ada, or Rust can have at it as the physical architecture itself prevents almost all software-based, endpoint attacks from leaking secrets. I haven’t seen anything else I’d recommend over GPG, though.

      1. 7

        Aside: This is the exact reason I MUCH prefer Lobste.rs to HN. Discussion > weighted opinion. Kudos to OP for the opportunity.

        1. 6

          I agree, as much as I disliked the article, hearing dissenting opinions is really important. I really think there is far too much mono-culture in this field, so yeah thanks OP.

        2. 3

          > So you think PGP is enough for you since you aren’t saying anything reeaally confidential? Nobody actually cares how much you like to lie to yourself stating you have nothing to hide. If that was the case, why don’t you do it on the street, as John Lennon used to ask?
          >
          > It’s not about you, it’s about your civic duty not to be a member of a predictable populace. If somebody is able to know all your preferences, habits and political views, you are causing damage to democratic society. That’s why it is not enough that you are covering naughty parts of yourself with a bit of PGP, if all the rest of it is still in the nude. Start feeling guilty. Now.

          Yikes. You’d have to be pretty politically sheltered to believe anybody that would be persecuted for their exchanges by state actors is harmful to society.

          1. 3

            I think it meant that you are harming society if you allow yourself to be spied on, not that you are harming society by having something to hide.

            1. 3

              If so, it’s cryptically phrased.

              1. 2

                s/cryptically/badly/g ftfy

                1. 1

                  That joke is way funnier now you’ve explained it /s

            2. 3

              > It’s not about you, it’s about your civic duty not to be a member of a predictable populace. If somebody is able to know all your preferences, habits and political views, you are causing damage to democratic society.

              I thought it was people not participating in government as an active democracy that damaged democratic society. Allowing crooked politicians, prosecutors, and cops immunity is a main example. Turning our spies on us is a more recent one. Apathy about doing anything important vs watching the game on TV or crops growing on iPhone. Empowering surveillance-oriented companies in exchange for free or unnecessary goods. Things like this.

              If they were in check, the threat of less privacy would be vastly less than it is today. These conversations would be quite academic. Mostly done by academics, too.

            3. 2

              I’m a fan of GPG specifically for self-attestation for a message, specifically using the strong, non-RSA-based ECDSA. For me, the GPG use case is a broadcast-style message that I want strongly bound to my identity, which for me is a rare but important case.