[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Avoiding PGP

On 03/18/2018 04:56 PM, Phillip Hallam-Baker wrote:
> ​Perfect? Good grief... only if you haven't used any application developed since
> 1995 or so.

I think the only perfect use is in package managers in linux that do the
signature checking for you.

> If you think it is perfect you understand nothing about usability. When people
> blame the users rather than the developers, they are always wrong because the
> users have no ability to change anything, only the developers do. 
> I was utterly dumfounded ​when I used the GPG plug in and received my first
> encrypted email and had to tell the app to decrypt it. No, that is not acceptable.

Currently, Enigmail Thunderbird plugin kind of works. By "kind of" I mean it's
still easy to make mistakes like sending unencrypted emails or saving
unencrypted draft if you don't have the settings correct.

However, we have had a few success stories in teaching non-tech people (e.g.
medicine professionals) to use it correctly.

> WoT sounds great until you realize that most people just use the keys on the MIT
> key server and make no effort to validate them whatsoever. So really good trust
> has been downgraded to none.

Yes, web-of-trust is a failed concept. What I usually do if I can't get a
fingerprint from other channel, is to google for it and check google cache
whether a person put it on their webpage (then check whois, etc). Keybase.io is
a tool that can make this work, but it's not as well known.

> Neither is fit for purpose today. If not for the standards war, I would say lets
> fix one or the other but that isn't possible when one has mindshare and the
> other has deployment. We never really got past the VHS/Betamax standards war
> either, that was ultimately decided when Sony started work on DVD.

Usability of PGP/GPG for emails/personal communication is definitely a UI
problem (and also the reason PKI exists at all in the first place). That is the
reason why people suggest applications like Signal that make communication
encrypted by default.

Signal uses TOFU + GSM checking, but that has two vulnerabilities:

- if your target does not use Signal, you can impersonate him by exploiting SS7
or similar hack (however, SS7 manipulation is not exactly easy)
- changing of phone without restoring the original key means a warning that the
key has changed, so you now have to do the fingerprint checking again

Bottom line: GPG works well when it has been provisioned with keys for you, like
package managers in Linux. Not so well for personal email.

  O. Mikle
The cryptography mailing list
cryptography AT metzdowd.com