Future OpenPGP Support in Thunderbird

Robert J. Hansen rjh at sixdemonbag.org
Sat Oct 12 11:19:33 CEST 2019


> PGP and GnuPG and the related communities have tried really hard to
> build a system based on person's long-term identity keys. All that web
> of trust thing relies on keys that are used relatively long time. But as
> we know this doesn't work for most people. People are really bad at
> maintaining long-term identity keys.

A few years ago at Circumvention (the first Internet Freedom Festival),
I was asked to give an impromptu talk on Things You're Doing Wrong With
OpenPGP.

The first thing on my list was certificate lifetime.  We teach people
the importance of maintaining their certificate for the long haul, but
we also know very few people are capable of doing that.  What we *don't*
teach them is how to rebuild their trust network after a
loss-of-certificate event.  So when someone loses their cert, or has a
system compromise, or their YubiKey goes through the laundry, or
what-have-you, they get a double whammy of failure: they feel like a
failure because they didn't do this thing that was expected of them
(keep the cert for 20+ years, never mind how unreasonable that is), and
they feel like a failure for not knowing how to recover from it.

So instead: teach people that it's okay to lose a cert, so long as you
have a plan to come back from it.  Then if their Yubi goes through the
laundry they (a) don't feel like a failure and (b) already have a plan
for how to move forward.

Seriously, ending the Cult of the Long-Term Certificate is one of the
simple but good things I think we should be embracing for the sake of users.


