German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

Hey.

I really cannot understand why ct/heise and some others run these
Anti-OpenPGP campaigns recently, while at the same time hypocritically
claiming they'd be in favour of cryptography for people.


- Per se, users will need to have at least some basic understanding of
cryptography - otherwise anyone could trick them into doing anything.
I'm talking about things like "don't blindly sign others keys", or that
one cannot securely communicated with a peer unless one has more or less
directly exchanged some credentials (e.g. fingerprints) with that.

- Apart from that, OpenPGP isn't that complicated, there are many
front-ends which allow the end user to use gnupg in an easy manner.

- If one wants real security, one will never get around that mutual
authentication / credential-exchange ... and THIS is the actual thing
that makes OpenPGP (in contrast to X.509 and friends) "complicated".


And this is also why I'd call ct/heise anti-cryptographers:

For some months now they demand "cryptography made easy" and to kick
everything else into the can.
They basically demand stuff like "TextSecure" which they advertise as
the best secure messenger out there - while it actually doesn't even
demand users to mutually verify any credentials at all. And even if they
do one hasn't even a way to mark a contact as validated or not (bug open
for ages now).
This is basically what they want: Anonymous cryptography, whose complete
security is based on some good luck whether you've communicated with the
right peer the first time.

But instead of just advertising that crap, they seem to also have went
on some stupid anti-OpenPGP campaign... o.O


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: </pipermail/attachments/20150227/b733b70f/attachment.bin>