[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Avoiding PGP

On Mar 15, 2018 3:50 AM, "Alexander Klimov via cryptography" <cryptography AT metzdowd.com> wrote:

The problem only starts then none of the users is tech-savvy or only
one is and he cannot support the other. I think this is quite rare
use-case and it is very unlikely that someone without knowledge or
support will be able to use any cryptographic system securely, so we
should not blame GnuPG here.

Seriously? You think that is *rare* when only one user is tech savvy and unable to provide sustained tech support for friends and family? Half of my friends & family belongs to the "blinking twelve" club. Me trying to explain WoT to them would certainly result in a deer-in-the-headlights look. On the other hand, I don't even need to explain Signal to people. For the most part, it's just install it and go, taking care to explain how to note when 1 or more recipients are not using Signal and how that message is not delivered with end-to-end encryption to those people.

So while I am not *blaming* GnuPG, it most definitely is harder for non-technical folks to use. Also it is interesting to note that inside of corporations, PGP and S/MIME email have largely been replaced with Identity Based Encryption such as Voltage Secure Email. No need to explain that to people.

Blog: http://off-the-wall-security.blogspot.com/  |  Twitter:  @KevinWWall
NSA: All your crypto bit are belong to us.
The cryptography mailing list
cryptography AT metzdowd.com