Essay on PGP as it is used today

Andrew Gallagher andrewg at andrewg.com
Wed Jul 17 08:52:35 CEST 2019


On 17 Jul 2019, at 05:05, Robert J. Hansen <rjh at sixdemonbag.org> wrote:

> But all in all?  It's a good criticism.

Indeed. Backwards compatibility with the 1990s is an albatross. Anyone still using obsolete ciphers is screwed anyway, so why encourage it?

Some nitpicking:

* Modern PGP does encrypt subjects (although not other metadata).

* Magic wormhole is an excellent toy, but it’s written in python, so literally the *first person* I tested it with got his dependency stack shredded. I think he’s forgiven me but he hasn’t used it since. The line about rewriting wormhole in a decent language may look throwaway but it’s not.

* Similarly, the alternative archiving software suggested is still a work in progress. It’s all very well criticising PGP for being a clumsy jack of all trades, but “modern crypto” has had twenty years to replace it and still hasn’t fully succeeded. This isn’t just on PGP. 

* And finally: “don’t encrypt email”? Yes, well. Email is not going away. Just like passwords, its death has been long anticipated, yet never arrives. So what do we do in the meantime?

But yes. 

A



More information about the Gnupg-users mailing list