posted by charon on Monday December 26, @11:37AM
from the it's-still-pretty-good dept.
An Op-Ed piece from ArsTechnica:
Every once in a while, a prominent member of the security community publishes an article about how horrible OpenPGP is. Matthew Green wrote one in 2014 and Moxie Marlinspike wrote one in 2015. The most recent was written by Filippo Valsorda, here on the pages of Ars Technica, which Matthew Green says "sums up the main reason I think PGP is so bad and dangerous."
In this article I want to respond to the points that Filippo raises. In short, Filippo is right about some of the details, but wrong about the big picture. For the record, I work on GnuPG, the most popular OpenPGP implementation.
Why I am giving up on PGP (Score:3, Interesting)
PGP integration with mail clients ranges from nonexistent to clunky. S/MIME integration with mail clients works well. With PGP, if a key is compromised then there is no widely supported revocation mechanism. With S/MIME, the same revocation mechanism that works for SSL is used. With PGP, key exchange is annoying. With S/MIME and a signed key, key exchange is easy. With PGP, the author points out that multiple device support is annoying. With S/MIME, each of my devices can use a different (valid) cert and I can revoke them independently.
The downside of S/MIME is that you must trust the CA infrastructure. That is a problem, but S/MIME can be combined with things like certificate transparency and cert pinning to alleviate this. If you use S/MIME and don't trust the CAs, then you're in effectively the same place as PGP, but with better client support.
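To make the S/MIME side of this comparison concrete, here is an added example (my own, not code from the commenter or from any mail client) of the per-device certificate and revocation model the comment describes: a throwaway CA issues one signing certificate per device for the same mailbox, one device is then revoked through a CRL, and the recipient's check rejects only that device's signatures. It assumes OpenSSL 1.1.1 or newer on PATH; the CA name, the address alice@example.test, the device names "laptop" and "phone" and the message body are all constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes OpenSSL 1.1.1 or newer on
# PATH; the CA name, the mailbox alice@example.test, the device names and the
# message body are constructed for the demo.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Minimal config for a throwaway CA. v3_leaf marks issued certificates as
# S/MIME signing certificates (emailProtection EKU, digitalSignature KU).
cat > ca.cnf <<'EOF'
[ ca ]
default_ca       = demo_ca
[ demo_ca ]
database         = index.txt
new_certs_dir    = .
certificate      = ca.pem
private_key      = ca.key
serial           = serial
crlnumber        = crlnumber
default_md       = sha256
default_days     = 1
default_crl_days = 1
policy           = any_policy
[ any_policy ]
commonName       = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ v3_leaf ]
basicConstraints = CA:FALSE
keyUsage         = critical,digitalSignature
extendedKeyUsage = emailProtection
subjectAltName   = email:alice@example.test
EOF
touch index.txt
echo 1000 > serial
echo 01 > crlnumber

# Self-signed CA certificate (the trust anchor the recipient will use).
openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
  -keyout ca.key -out ca.pem -subj "/CN=Demo S-MIME CA" -days 1 2>/dev/null

# One key pair and one certificate per device, all for the same mailbox.
issue_device() {   # $1 = device name
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.csr" -subj "/CN=Alice ($1)" 2>/dev/null
  openssl ca -batch -notext -config ca.cnf -extensions v3_leaf \
    -in "$1.csr" -out "$1.pem" 2>/dev/null
}
issue_device laptop
issue_device phone

# Each device signs the same constructed message with its own certificate.
printf 'From: alice@example.test\nSubject: demo\n\nhello from one of my devices\n' > msg.txt
openssl smime -sign -in msg.txt -signer laptop.pem -inkey laptop.key -out laptop.p7m
openssl smime -sign -in msg.txt -signer phone.pem -inkey phone.key -out phone.p7m

# The phone is lost: revoke only its certificate and publish a CRL, the same
# X.509 mechanism a TLS CA uses. The laptop's certificate is untouched.
openssl ca -config ca.cnf -revoke phone.pem 2>/dev/null
openssl ca -config ca.cnf -gencrl -crldays 1 -out crl.pem 2>/dev/null

# Recipient side: verify signature and chain to the CA, then consult the CRL.
# Prints OK, REVOKED or BAD.
verify_mail() {   # $1 = S/MIME message file
  if ! openssl smime -verify -in "$1" -CAfile ca.pem -signer signer.pem \
       -out /dev/null 2>/dev/null; then
    echo BAD; return 0            # bad signature or untrusted chain
  fi
  out=$(openssl verify -CAfile ca.pem -CRLfile crl.pem -crl_check \
          -purpose smimesign signer.pem 2>&1) && { echo OK; return 0; }
  case "$out" in
    *revoked*) echo REVOKED ;;    # valid signature, but the device was revoked
    *)         echo BAD ;;
  esac
}

echo "laptop: $(verify_mail laptop.p7m)"   # OK
echo "phone:  $(verify_mail phone.p7m)"    # REVOKED
```

The two final lines show the point of the comment's multi-device argument: the phone's signature still verifies cryptographically, and it is the CRL check (the `-crl_check` step, which any TLS client performs the same way) that rejects it, while the laptop keeps working with no re-keying. In a real deployment the recipient's mail client does both steps itself and fetches the CRL from the URL in the certificate rather than from a local file.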
PGP is the wrong solution for many problems (Score:1, Interesting)
PGP has its niche uses, such as signing standalone text, code, etc. It does nothing to address the biggest threat of today, which is that of criminal governments breaking into the "sacrosanct" infrastructure and stealing the much more valuable metadata.
The "killer app" for cryptography is going to be a combination of things, including a decentralized hashtable-routing network, and software built from the ground up which never "trusts by default". Some interesting headway is mentioned at youbroketheinternet.org.
