Some thoughts on the future of OpenPGP and GnuPG

Tue Jul 2 20:41:12 CEST 2019

On 2019-07-01 at 18:32 +0200, karel-v_g--- via Gnupg-users wrote:
> Hello!
> Just right now I have read about a security vulnerability in the PGP keyservers,

Note: that's a problem with the keyservers and key distribution, not
with PGP itself.

(...)
> So my question as a user with a need for strong mail encryption is, whether it is not a time to start over with an all new encryption standard replacing OpenPGP and S/MIME completely. Something like the much praised Wireguard is doing right now in the VPN-world.
> Implementing just one (or two if needed) standardized modern method for each of the following basic components: s2k-function, hash algorithm, authenticating symmetric crypto-algorithm, one ECC-based and one conventional asymmetric crypto-algorithm. And somethin to ease the key distribution. OPENPGPKEY and WKD might be suitable for that.
> Thats it. No backwards compatibility. All new lean and easy.

That won't solve *email* encryption.
In fact, you will again some old problems (that may not have been fixed
completely even after all these years, though).

A new shiny system could be made in a couple of days that worked in a
different way and required you to use a separate program.

Encrypted messages could be exchanged through email in the form of
attachments that you need to extract, then open with a special program
to decrypt.
(In fact, many people _currently_ use OpenPGP in that stony age way)

But none of those is really *email* encryption.
You could maybe even make that new program able to connect to your
existing email via IMAP (assuming it's supported!).

But then, it needs to work in Microsoft Outlook. Or in Lotus.
Or have it sent thorough a certain Exchange server which blocks the
encrypted mails sent using this PGP plugin but not this other one.
While the first one does a much better job for reading than the second
one. And you end up with the bizarre case of having one plugin that
works for reading and another for writing.

Let's not get started with being able to read it on the company
smartphone where only a single email client is allowed.
Or the Webmail you were provided.

Here we face the adoption problem. If everyone used OpenPGP, all email
clients would be expected to support it. And those creating the email
clients would dedicate resources so that their MUA works properly with
encrypted messages, rather than leaving that to third parties that often
need to loop through holes to support things.

(Also, many mail providers actually benefit from having access to users'
data, from virus/spam filters, to learning your preferences in order to
eg. show you more suited ads. Combined with little customer interest of
such feature, it's not that strange there hasn't been much interest on
going the route for OpenPGP adoption)

MUA support is the big problem IMHO. First of all for supporting
seamless reading and writing of encrypted emails, and then having the
right user interfaces.

A new system could improve some minor things in the wire format and
encryption options, but it's working pretty well there, and can be fixed
relatively painlessly on rfc4880 successor.

The big deal are email clients. And there you would have all the issues
that existing implementations have. Plus those they have fixed.
Unless you somehow get to have everyone moving to encrypted mails almost
at once, so it creates such pressure.

> In my experience there are so few people actually using OpenPGP and these 
> are crypto experienced so they should eysily adopt the modern proposal. 

That would be much more harder than you expect. But the big problem is
the above one. And rewriting everything won't solve that.

Regards