Your Thoughts

Ryan McGinnis ryan at
Tue Jul 2 14:10:58 CEST 2019

Right, I probably wasn’t being very clear with what I meant.  What I’m saying is that people who use PGP at the moment are rather tech savvy, lady over from the legacy of the fact that for most of PGP’s existence a user *had* to be tech savvy to even get PGP backed out of the metaphorical garage.  Because of this, applications that use PGP all seem designed to make that crowd happy.  But making that crowd happy necessarily excludes the much larger crowd that would never need, consider, or even understand aid-gapping.

Signal went the other way.  Build a verifiably secure communications platform so easy that literally anyone can figure it out.  Make it hard to impossible to screw up.  Most of the people who implemented secure whisper adopted this philosophy.  No, it’s not federated, but in terms of real-world impact it actually has one because people actually use it to communicate.

-Ryan McGinnis
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, July 2, 2019 3:06 AM, Peter Lebbing <peter at> wrote:

> On 01/07/2019 23:55, Ryan McGinnis via Gnupg-users wrote:

> > Null modem transfer of your messages? Yikes. To me that’s the issue
> > with PGP in general as it relates to secure communications

> None of any of the alternatives to OpenPGP you mention solve the issue
> that a secure offline system sets out to solve. They are orthogonal
> issues.

> Alternatives to OpenPGP have the same need or lack of need of a secure
> offline system as OpenPGP itself. The only difference I can think of
> would be in the number of messages disclosed or the range of signatures
> that could be faked by a compromise, not the base premise of disclosure
> and impersonation.

> You might well reasonably object to the UX of OpenPGP. Just not on the
> ground that there are people who think about offline secure systems,
> that makes no sense to me. The two are unrelated. The only relation I
> can think of is that people who think about deploying offline secure
> systems probably aren't quickly scared off by an overly complicated
> system ;-).

> Cheers,

> Peter.

> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - ryan at - 0x5C738727.asc
Type: application/pgp-keys
Size: 3215 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list