Is the OpenPGP model still useful?

Robert J. Hansen rjh at
Fri Apr 29 15:12:43 CEST 2011

On 4/28/11 11:05 AM, Michel Messerschmidt wrote:
> Sounds very much like Off-the-Record messaging for every kind of 
> communication. Or is there a difference I have missed?

The barrier to usage is still high with OTR: users still have to
authenticate, and you can get horrible sync issues.  Plus, let's not
forget the wacky hijinks that occur if you're logged into IM from two
places at once -- although this is explicitly supported by some IM
protocols (Jabber), with OTR it causes no end of troubles.

The thought experiment here -- it's not a real proposal -- is, "what
would happen if we discarded authentication entirely, and went purely
for a require-brute-force approach to discover the random session key?"

More information about the Gnupg-users mailing list