German ct magazine postulates death of pgp encryption

Werner Koch wk at
Fri Feb 27 15:40:01 CET 2015

On Fri, 27 Feb 2015 13:23, gnupg-ml at said:

> have some valid points; the latest articles are by no means mindless
> rants or PGP-bashing. The thought of letting PGP die as an e-mail

The article has two problems:

 - It compares an offline system (mail) with online systems (chat
   systems).  You can't compare them unless you also change the headline
   to "Let mail die!".

 - It claims that the protocol is responsible for the problem instead of
   pin-pointing that the mail providers do not take up on it.

Back in the good all days where everyone ran their own MTA and had full
control over their DNS zones, fixing the problems would have been very
easy.  Today virtually everyone uses a large mail provider and thus has
no more control over the own mail address including the zone.

Given this, it is important to convince the mail providers to support
their users doing end-to-end encryption.  It would really be simple.  I
am not calling for a high-end security solution; just for a simple way
to get authoritative information on the key associated with the mail
address.  A few scripts and an optional entry field in the user's mail
account management is all what is required.  With that in place we can
easily fine tune the long existing mechanisms in gpg for key retrieval
and then Jürgen Schmidt would not anymore get mails accidentally
encrypted so someone else.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list