[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cryptography] Avoiding PGP
- From: Walter van Holst <walter.van.holst AT xs4all.nl>
- Subject: Re: [Cryptography] Avoiding PGP
- Date: Mon, 19 Mar 2018 08:56:16 +0100
- Arc-authentication-results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com designates 2001:470:30:84:e276:63ff:fe62:3500 as permitted sender) smtp.mailfrom=cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :user-agent:message-id:references:in-reply-to:organization:to:from :date:mime-version:delivered-to:arc-authentication-results; bh=22AicxE5vVxjUteRfuEYOxOmrEzmkmnZlUycm24Rq5Y=; b=Q++DwfXSNIZDBIW5CecwbL0VqYX/2hltX4nmGZGWK+UgHW0BeZjhQe4EmyV5YiVCMq ic81qdY/ECisUZKIUzIKT+kaSFwSnj+Mgho619nDTen87vbRrs5S7UEZow4Eg6CsJw9p HW6DhIVpbxIGHek7+Xhdsa76toepHDO3Wcx+GZ6+RxJt57j+F3g7QH35oQuxSeu+NFLj EVaVq9avyEjv+0eYISllB6LjkLvg3A7AEZnLkAGkXWRDoV3xxZFmF2FcFv2AeZoe8Gh5 qk+TxUUh7ujWwmF7x5qm7Dpgiidx0yoHp+B752QNES2AGDOZ7FmmNb9xBr9shh0WZ/iy z5oQ==
- Arc-seal: i=1; a=rsa-sha256; t=1521485319; cv=none; d=google.com; s=arc-20160816; b=b+HALp++decz9Ded6JsvFC9d/mlEiblNPRtPdtYbSDId3vmkYxNkpgkEvacCGGlRK7 96xcKDNwRrTPA02WtK2Wj+XXfj1UmMPLAO8QORe962eAnzeG+HXSXHeJ2KDFPWA9nWt5 RU9XPcL1p/TWT5jpEuAjMXwhUi7TtI/nw3/io2xRO2j/GUiltETW3jQmlfAAhTu/P5TZ ZAX0uEcDOGUy3XX/HnoJRe5vnx8h/3dYg/vL8lzfNov9zV5vaIPFoWAG3RJnsFs++1XC QTzhyRXat1HcopPVlJkPbgGy2p7GHNuMwJg/p0qHk+sSL38eWKAgFDw8jTsSpBhHy6AF 3aRA==
- List-archive: <http://www.metzdowd.com/pipermail/cryptography/>
- Organization: COMECON
- Sender: "cryptography" <cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com>
- To: cryptography AT metzdowd.com
On 2018-03-16 19:11, Alexander Klimov via cryptography wrote:
We were talking about email. If you want IM, simply teach the grandma
to start Pidgin and initiate OTR for her. Again a two-minute task
which is absolutely negligible compared to the rest of the teaching.
OTR + XMPP is from a usability perspective a raging dumpster fire. XMPP
has a piss poor support for people changing from device during a
conversation, OTR even less so.
And even under "perfect" circumstances I have experienced repeatedly
that OTR refused to initiate or stubbornly stuck to an older session.
Generating useless errors "you received a message for a different
session" in the process.
Whoever designed and/or implemented bloody mess that deserves the same
circle of hell as the Microsoft developers who designed their numbered
paragraphs bits in Word.
And don´t get me started about the state of play with GPG. A long time
ago in a Galaxy far away (well, ok, in 1993) I wrote a quasi-GUI for PGP
to make it bearable (it was called PGP-Front). Fast forward to 2018 and
the most of the tooling around GPG has only gotten marginally better.
Enigmail manages to give you the impression that you have sent encrypted
mail when it is actually cleartext. Key management is still an
incredible pain in the behind.
Also, in the real world people want to look at their mail from multiple
devices. Which is not a terribly good fit with GPG right now. To put it
very, very mildly. I have to ask people to resend their encrypted mails
in cleartext on an almost weekly basis if it is urgent.
Encryption that causes people to resort to plaintext just isn´t teaching
good security habits. Both GPG and OTR fall in that category.
The cryptography mailing list
cryptography AT metzdowd.com