It's time for PGP to die.

Robert J. Hansen rjh at sixdemonbag.org
Sun Aug 17 01:08:29 CEST 2014


On 8/16/2014 1:14 PM, Kristy Chambers wrote:
> Sorry for that crap subject. I just want to leave this.

Meh.  Color me unimpressed.


* "PGP keys suck."  No, asymmetric key infrastructure sucks in general.
OpenPGP provides no infrastructure, only tools with which to build
infrastructure.  If your organization doesn't build its infrastructure,
that's not OpenPGP's fault.

* "PGP key management sucks."  Sigh.  Ditto.

* "No forward secrecy."  Not everyone needs PFS, and frankly, obsession
with PFS is one of those things I really wish people would grow out of.
Before complaining about what OpenPGP needs or where it's lacking, try
looking at where OpenPGP has been broken in the real world.  Hint: PFS
ain't a panacea.

* "The OpenPGP format and defaults suck."

Good Lord, no.  As Jon Callas pointed out recently on the OpenPGP
working group list, there's a big difference between what the standard
*requires* and what implementations are encouraged to *use*.  Most
implementations have moved far beyond minimal conformance with the
standard.  The standard exists so that there is a common minimal core
that all clients can conform to: the reality is the two biggest players
(PGP and GnuPG) both go *far* beyond the defaults.

* "Terrible mail client implementations."

Again, unimpressed.  Consider his criticism that most OpenPGP-enabled
mail clients store passphrases in memory for longer than he'd like.
Well, one, this is easily configurable via gpg-agent, and two, *so
what*?  If an attacker is in a position where he or she can read
arbitrary memory locations on your PC, you're completely screwed anyway
and there's nothing OpenPGP can do to help you.

* "So what should we be doing?"

I'd start by ignoring the recommendations.  Do your own homework on
where OpenPGP fails and how, and start thinking about how to fix those.
The author falls into the trap of knowing how to fix A, B, and C, and
so he wants to fix A, B, and C, without realizing the real problems are
X, Y and Z.

OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in
this blogpost: OpenPGP can't protect your metadata, and that turns out
to often be higher-value content than your emails themselves are.
Further, exposed metadata is inherent to SMTP, which means this problem
is going to be absolutely devilish to fix.
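
The metadata point above, as an added example that is not part of the original post: a Python sketch that parses a constructed RFC 3156 PGP/MIME message and separates the headers every SMTP relay reads in cleartext from the one part that is actually encrypted. The addresses, hosts, subject line and the helper name `split_exposure` are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample: an RFC 3156 PGP/MIME mail as any relay on the path sees it.
# Addresses, hosts, subject and the ciphertext placeholder are made up.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTPS; Sat, 16 Aug 2014 19:08:29 -0400
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Q3 merger timeline
Date: Sat, 16 Aug 2014 19:08:12 -0400
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b0"

--b0
Content-Type: application/pgp-encrypted

Version: 1
--b0
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b0--
"""

# Headers that reveal who talked to whom, when, via which hosts, and about what.
METADATA = {"received", "from", "to", "cc", "subject", "date", "message-id"}

def split_exposure(raw):
    """Return what stays cleartext vs. what OpenPGP actually covers."""
    msg = message_from_string(raw)
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    # In PGP/MIME only the second body part is ciphertext; outer headers are not.
    parts = msg.get_payload() if msg.is_multipart() else []
    protected = len(parts[1].get_payload()) if pgp_mime and len(parts) == 2 else 0
    visible = [(k, " ".join(v.split())) for k, v in msg.items()
               if k.lower() in METADATA]
    return {"pgp_mime": pgp_mime, "visible": visible, "protected_chars": protected}

if __name__ == "__main__":
    report = split_exposure(SAMPLE)
    for name, value in report["visible"]:
        print(f"cleartext  {name}: {value}")
    print(f"encrypted  {report['protected_chars']} characters of armored body")
```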


