Is the OpenPGP model still useful?

Werner Koch wk at
Wed Apr 27 17:49:45 CEST 2011

On Wed, 27 Apr 2011 17:09, mwood at IUPUI.Edu said:

> o  Agreed:  OpenPGP is difficult.

Nope.  It is not difficult.  The trust model most of us are using is
difficult to explain and to use properly.  However this model (Web of
Trust) has nothing to do with OpenPGP; it is not even specified in
RFC4880 [1].  You can use OpenPGP with all kind of other trust models;
in fact only some MUAs recently switched to enforce key validation
(i.e. dropping the --always-trust option).

BTW, the discussion is not OpenPGP specific but applies also to S/MIME.
A better subject would have been: "Is desktop to desktop encryption
still useful?".



[1] In contrast, S/MIME is difficult to use because the specs require
    the use of an external PKI and a certain trust model - something a
    user can't setup simply. (Unless he uses self-signed certificates,
    which most email implementations won't grok.)

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list