Fwd: It's time for PGP to die.

Michael Anders micha137 at gmx.de
Sun Aug 17 17:08:58 CEST 2014 

I share most of Greene's arguments agaist PGP to a limited extent,
however, he seems strongly biased against it.
There are two points, in which I strongly disagree with Greene:

A) For me forward secrecy is not of utmost importance for asymmetric end
to end mail encryption. Your private key is compromized if your system
has been hacked(if you don't live in a police state where authorities
can force you to reveal it). Most likely the important private messages
will still reside on your system then, so they are leaked anyways in
this case. So there is limited gain by implementing forward secrecy. So
the complaint about lacking forward secrecy is exaggerated in my eyes.

Nevertheless, there do exist solutions for asynchronous message exchange
with forward secrecy and we need to have an eye on them and watch out
for new publications on these. At present IMHO they are awkwardly
difficult to implement and maintain and just keeping a watchful eye on
them seems perfectly reasonable today. 
Once a crisp and nicely implementable asynchronous protocol with forward
secrecy comes up, however, we should have it implemented
immediately.(The synchronous ones are easy, of course.)

B) A minor point.
Greene complains, that in PGP securing ciphers with a MAC is not
enforced in the standard. For an asymmetrically enciphered message IMHO
it does not make any sense whatsoever, to secure message authenticity
with a MAC. A correct MAC is proof that the message has not been altered
by someone not knowing the symmetric key. But knowledge of the symmetric
key doesn't prove anything since it is essentially a random number
selected by the unauthenticated sender. So a correct MAC in a RSA cipher
just proves that the sender is the sender - so what? (I know that many
people disagree with me on this point, yet I have never heard a
convincing argument for the MAC in an asymmetric cipher.)
If you want authenticity, you have to have the message or cipher be
digitally signed by the sender.
For me the critcism of PGP is clearly unfair regarding this second
aspect.

Regards,
  Michael Anders

More information about the Gnupg-users mailing list