[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Avoiding PGP

Hi Carlos,

On Wed, Mar 14, 2018 at 01:56:38PM -0400, Carlos Alas via cryptography wrote:
> I have been reading advice on not to use PGP, some very well founded
> (the third one below by Filippo Valsorda deserves attention), I am
> including the top 3 results from google on the query: "PGP not worh
> it":
> http://secushare.org/PGP
> https://motherboard.vice.com/en_us/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp
> https://blog.filippo.io/giving-up-on-long-term-pgp/
> My question is: Is there any substitute or equivalent? And I am aware
> that many people advice to use Signal, however I am wondering about an
> e-mail specific alternative.

Well, having worked at several companies that have required all internal
email communication to be encrypted, there are really only two
options (In commercial / business sector).  PGP/GPG, and S/MIME.

I've used both systems for at least a year each.  PGP suffers from two
problems.  Symantec (Intel) deviated from the PGP specification, and
their apps generally suck unless you mindlessly sit at desk using
Windows as IT configured it for you.  Even then it falls over
frequently.  The deviation from the spec has resulted in a staring
contest between PGP Universal and GPG implementers.  PGP doesn't care,
and GPG folks refuse to add compatibility shims to make it "just work".

And even if the impasse weren't there, users have to think *way* too
much.  So the second bullet is that the cognitive burden is simply too
high.  Personally, I only use GPG to sign an occasional email, or to
sign a git tag for a pull request.

S/MIME, however, works dang near everywhere.  If you politely ignore the
fact that IT hands you your .p12 and the password for it.  This includes
the private key.  Ergo, most deployments implement key escrow.  You
don't *have* to, users could create keys on-device, and submit CSRs
(remember, internal email only, corporate devices, add private CA).

The problem with S/MIME, though, no one, outside of business, uses it.
But for business it works fairly well.

In either case, remember to keep your old keys when you rotate to new
ones.  Otherwise you won't be able to read old archived messages.

But yeah, seriously, you're looking at a tremendous maintenance and
admin burden for either one.  Just use signal.  :-)


The cryptography mailing list
cryptography AT metzdowd.com