Smart card

[Robert J. Hansen]

> I know of PGP-based WoT used in security-aware networks of sysadmins,
> CERTs etc. I would have guessed that a significant part of the
> audience of this list are professional/experienced/involved admins or
> developers. But let me know why the majority of users are not.

I've been in the PGP community for 25 years.  I've been the official
GnuPG FAQ maintainer for a few years, which has led to me getting a
steady stream of questions from people who mistakenly (though
understandably) think I'm GnuPG's helpdesk.  I've been part of
Enigmail's official help team for about a decade.  For almost fifteen
years I've been involved in training people in how to practice good
communications security in hostile environments: journalists, NGO
workers, and even union organizers.  That's my background which is
informing my answer.  I'm not presenting it to argue that I'm right, but
so you may have an estimate of how I may be biased.

The average GnuPG user is not a technical expert.  They come to GnuPG
from somewhere else as the result of an awareness of how their
communications may be at risk.  When I addressed a crowd of United
Electricalworkers employees, for instance, they were concerned employers
might be snooping on private union communications.

The average GnuPG user runs Windows.

The average GnuPG user neither knows nor cares what MIME is.

The average GnuPG user has a specific threat model in mind--"I'm worried
my employer might be reading my union-related email which gets sent to
my corporate account"--not diffuse, unfocused ideas about hypothetical
malware that might be targeting certificates.

The average GnuPG user understands the threat actor ("my employer", "the
secret police", "a competing political party"), but has a poor
understanding of the actor's capabilities or how to defend against them.

The average GnuPG user uses GnuPG as a last, desperate, final resort.
If they had a better avenue, they'd take it.  (E.g., I pointed out to
United Electricalworkers they could sign up for free webmail accounts
and their union emails would no longer be on their employers' email
servers.)

The average GnuPG user is scared, and rightly so.  This system is so
eye-poppingly user-unfriendly that the userbase largely consists of two
groups: people who have threats serious enough to warrant dealing with
such a tool, and people who are paranoid and think they do.

The average GnuPG user finds the system to be at the outer limit of
their technical skill.

The average GnuPG user is deeply interested in doing things right, but
has no idea how to evaluate what's right.  As a result they often get
tied up in cryptographic technofetishism fed to them by others, and
getting them to drop this technofetishism is *really really hard*.
After all, their commitment to 16384-bit RSA keys has kept them safe, right?

=====

Two years ago there was a Spanish digital civil liberties convention
called Circumvention.  (They've since changed their name to the Internet
Freedom Festival.)  They thought I'd be a good resource for them, so
they flew me to Valencia for a week.  During that week I met up with
literally dozens of technical trainers -- people who after the
convention were going home to places like Syria, Iran, and Zimbabwe,
where they'd be meeting with local journalists and teaching them how to
safely communicate with the West.

I had heartbreaking conversations with them.  Without exception, every
one of the trainers had firsthand knowledge of people who critically
needed communications security, but who found GnuPG (and Enigmail) to be
too difficult to use.  Without exception, every one of the trainers
wanted GnuPG (and Enigmail) to be made simpler.

Simplicity is literally a matter of life and death.

So when someone asks about smartcards, please, let's keep the discussion
focused on whether they need a smartcard.  Because the instant people
think smartcards are universally necessary, we lose.