Stories
Slash Boxes
Comments

SoylentNews is people

Op-Ed: Why I'm Not Giving Up on PGP

posted by on Monday December 26 2016, @11:37AM   Printer-friendly
from the it's-still-pretty-good dept.

Phoenix666 writes:

An Op-Ed piece from ArsTechnica:

Every once in a while, a prominent member of the security community publishes an article about how horrible OpenPGP is. Matthew Green wrote one in 2014 and Moxie Marlinspike wrote one in 2015. The most recent was written by Filippo Valsorda, here on the pages of Ars Technica, which Matthew Green says "sums up the main reason I think PGP is so bad and dangerous."

In this article I want to respond to the points that Filippo raises. In short, Filippo is right about some of the details, but wrong about the big picture. For the record, I work on GnuPG, the most popular OpenPGP implementation.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Op-Ed: Why I'm Not Giving Up on PGP | Log In/Create an Account | Top | 26 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Monday December 26 2016, @03:08PM

    by Anonymous Coward on Monday December 26 2016, @03:08PM (#446078)

    i think i set it up a looong time ago on a NT computer? you had to wiggle the mouse cursor
    on the screen during install/setup to generate a private key?

    it never moved beyonf the point because i found out that nobody in the family with access (to my computer)
    had that much of a clue to mess with my computer. also i was reinstalling and generally
    messing about with the system too much to care for secrets(and stuff to keep) thus sh1t broke more often then not : )

    fast forward years, nothing much has changed. the info contained in my emails is same as in yours (boring);
    the family and friends didn't get much better at using a computer.

    so i have nothing important to encrypt and nobody to send it to because it's too difficult too use ... for most.

    if i have to "be secret" about some digital attachments, i setup a mail server with a web-interface on a non-ion domain
    and tell to install t-or and go to ... this and this url and login with this and this password.
    the login credential mostly are distributed over varies channels (chat, phone, sms) and questions that i know
    only the receiver can answer and then serves as a password or username. then it gets delete.