Some thoughts on the future of OpenPGP and GnuPG
karel-v_g at tutanota.com
karel-v_g at tutanota.com
Mon Jul 1 18:32:56 CEST 2019
Just right now I have read about a security vulnerability in the PGP keyservers, that can likely not be fixed according to Heise Online.
That makes me writing about something I have been thinking of for quiet some time now:
I am working in an environment that deals with highly sensitive personal data and my first PGP-key dates back to as far as the mid 1990s. Meanwhile I have changed it a few times, going from PGP 2.3 to the DH/DSS-Keys propagated by PGP 5 and then back to RSA-Keys with GnuPG.
When looking at my In- and Outbox over the whole time I can safely say that I received and send only about 25 (!) mails in all the years and that many of my contacts simply have no PGP or don't use it any longer. It is easier and more reliable to send sensitive data by fax or mail for them.
Many attempts to make mail encryption easier have failed and the standards we have for it are aging. S/MIME was never repaired after the so called efail-attack and OpenPGP relies on a SHA1-based modification detection code to protect from it as far as I know. Many other aspects are also far from moderns standards.
Beyond this the complicated (and now dysfunctional as stated above) keydistribution caused many people to either send mails unencrypted, use regular mail or fax or use encrypting messengers nowadays.
The renewal of the OpenPGP-standard has stopped or stalled last year and the additions to GnuPG were also rather small in the past years (aside from ECC).
So my question as a user with a need for strong mail encryption is, whether it is not a time to start over with an all new encryption standard replacing OpenPGP and S/MIME completely. Something like the much praised Wireguard is doing right now in the VPN-world.
Implementing just one (or two if needed) standardized modern method for each of the following basic components: s2k-function, hash algorithm, authenticating symmetric crypto-algorithm, one ECC-based and one conventional asymmetric crypto-algorithm. And somethin to ease the key distribution. OPENPGPKEY and WKD might be suitable for that.
Thats it. No backwards compatibility. All new lean and easy. In my experience there are so few people actually using OpenPGP and these are crypto experienced so they should eysily adopt the modern proposal. If really needed the old standards could be supported for some time in a seperate "classic" component, but without the ability to create new keys.
To propagate the distribution of this hypothetical new format it might be useful to get some of the major mailproviders, business software companies and mail software vendors might be useful, another problem of OpenPGP was and is that aditional software components are needed.
Once again: I know that won't be easy or perhaps it can't be done at all. I really appreciate the work and commitment of Werner and all the others here and I am donatig each year to support them. But their work is simply not working in the real world. Sorry to say so, but that's my eperience and view as a user -or let's better say wannabe user as there is no one to write encrypted mails to... ;)
Thanks for reading and discussing!
More information about the Gnupg-users