Why you should not use PGP

Jagadeesh Venugopal jagadeesh@jagadeesh.com
Wed Dec 4 23:01:02 2002

I'm really not trolling for flames, because I
hopefully am preaching to the choir.

PGP is in the middle of one of its periodic
resurgences. Absent any other alternatives, PGP would
be the preferred means of securing one's files and

The problem with PGP is not in the product. The
problem is that thus far, no one has been able to make
a business of PGP. Thus it started with a checkered
provenance (unlicensed use of RSA, etc.) and then went
through three different commercial attempts (the
latest being the third). The biggest concern about PGP
is this... you may encrypt your documents to last you
a long time (e.g. decades). Given the tumultuous past
of PGP, it is doubtful whether PGP will exist by the
time you want to decrypt your documents. OTOH, GnuPG
will always exist; and so will other components of the
GNU suite that are needed to compile it. And they are
guaranteed to be free now and forever.

There is another reason not to use PGP. We have a
robust and viable alternative in the free software
world. By using PGP, we are detracting from the
mindshare and attention that would otherwise go to
GnuPG. Building up this critical mass of mindshare and
taking it to the average Joe is what will make GnuPG
shine in the areas that currently need some work (e.g.
a robust GUI).

Thus, friends, I urge you to not download the latest
version of PGP. In its past, PGP has done great
things. After all, it is the progenitor of GnuPG.
However, it has done its part. Use the free software
alternative. Put up with its rough edges for the short
term (and perchance try to improve it). It is as good
as PGP in encryption and will get there in usability
and user interface.


Jagadeesh K. Venugopal, PMP