German ct magazine postulates death of pgp encryption

Hugo Osvaldo Barrera hugo at barrera.io
Sat Feb 28 00:48:21 CET 2015


On 2015-02-27 13:23, Ralph Seichter wrote:
> > Your positions to this ct approach?
> 
> The c't magazine is mostly well respected in Germany and the editors
> have some valid points; the latest articles are by no means mindless
> rants or PGP-bashing. The thought of letting PGP die as an e-mail
> encryption mechanism for the "masses" (the non-tech-savvy average users)
> and to have it replaced with something my mother could use is valid. The
> c't editorial also clearly states that PGP works perfectly well and is
> secure as long as keys are verified, but fake keys and people not
> verifying fingerprints are a reality. Alice can't just send an e-mail to
> Bob, she needs to acquire and verify Bob's public key first. Compare
> this to transparent encryption like Apple's iMessage service uses and it
> is not hard to answer which mechanism has better usability. I like and
> use PGP like probably every subscriber on this mailing list, but the
> number of people I can exchange PGP-encrypted data with is very low when
> compared to the total number of my e-mail contacts.
> 
> -Ralph

iMessages model offers way less security than GPG, and a centrail authority
that all of humanity needs to trust in charge of everything is incredibly
naive.

What if I work for Apple's competition and need to send an extremely
confidential message to my coworkers? I can't possibly trust Apple with
handling my keys transparently for me.

Encryption is clumbersome because that's the price of security and privacy. I
hate having to put the key on the lock every day to open it, but if I don't,
anyone can get in.

Sure, I've heard the arguments like:

* Let's use a globally trusted authority instead: There's no such thing and
  never will be. Someone will always have a valid reason to distrust it.
* Set up your own keyexchange server: Ok, so we're back to GPG and keyrings
  where users need to manually retrieve keys from different places and
  determine if they're the right one or not.

Please, stop spreading the iMessage falacy, it's system offers privacy only
from *some* parties, but not from everyone.

-- 
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20150227/c6f4c201/attachment-0001.sig>


More information about the Gnupg-users mailing list