
GPG and Me (2015) - jellyksong
https://moxie.org/blog/gpg-and-me/
======
dang
[https://news.ycombinator.com/item?id=9104188](https://news.ycombinator.com/item?id=9104188)

[https://news.ycombinator.com/item?id=9872410](https://news.ycombinator.com/item?id=9872410)

------
lmm
There is plenty of room for a better OpenPGP tool - a more opinionated one
with a stronger focus on user-friendliness. But that's a big task, and I guess
less exciting than proposing a new crypto standard? (I'm especially baffled by
Mailpile's position that they don't have the time or resources to produce a
good OpenPGP library, but somehow could afford to produce a new from-scratch
standard).

In the meantime, GPG is the best option. For me - without a public email
address - an encrypted message is a good thing; it will be either an email
from one of my technically oriented friends, or a notification from Facebook.

------
infinity0
This blog post is not constructive. The points are redundant summaries of what
everyone already knows, ad-hominem attacks on users of gpg based on a straw-man
presumption, and does not educate the reader about how to construct better
alternatives.

Attacking GPG is "an easy target", and is really cliché - you get to sound
profound without actually doing anything constructive. All of the arguments
against GPG have analogous counterparts against using X509, yet there is no
out-of-the-blue chiding of people who "would voluntarily use" X509.

------
Tharkun
He's not wrong. But after 25 years of nobody liking PGP, there's still no
alternative that addresses all of its shortcomings.

------
giomasce
Please correct me if I am wrong, but as I understand it in GPG's case perfect
forward secrecy simply cannot be used. PFS can be used in frameworks where the
two parties interact and can use DH or similar protocols to establish an
ephemeral session key. In GPG models the two parties do not interact: the
first one produces a ciphertext and the second one decrypts it possibly a long
time later. In this model the plain text is by definition a function of the
ciphertext and the secret key. The only way to circumvent it would be to
change how maths work.

So, I do not think that GPG can be declared broken because it does not have
PFS. It simply is targeted at use cases where this does not make sense (and
there are valid examples of such use cases). If it is used in wrong ways or in
contexts where other encryption schemes would be more suitable, then this is a
user's fault. I cannot really understand what the article's author is
proposing about fixing GPG problems.
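The two models contrasted in the comment above, worked through in code. This is an added example, not code from the thread or from GnuPG. Everything in it is a hypothetical stand-in: finite-field Diffie-Hellman over the RFC 3526 group 14 prime, SHA-256 as the key derivation function, and a SHA-256 keystream XOR as a toy unauthenticated cipher that exists only so the demo runs. In the first model the recipient is offline and contributes only a long-term key, so an attacker who records the ciphertext and later obtains that key reads the message; in the second both parties are online, derive the session key from one-time exponents, and discard them, so even every long-term secret leaking afterwards recovers nothing.

```python
"""Added example (not from the thread or GnuPG): store-and-forward encryption
to a long-term key versus an interactive ephemeral DH session.

Hypothetical building blocks: DH over RFC 3526 group 14, SHA-256 as KDF, and a
SHA-256 keystream XOR as a toy cipher (unauthenticated; demo use only)."""
import hashlib
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime, generator 2.
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1
29024E088A67CC74020BBEA63B139B22514A08798E3404DD
EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245
E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D
C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F
83655D23DCA3AD961C62F356208552BB9ED529077096966D
670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9
DE2BCBF6955817183995497CEA956AE515D2261898FA0510
15728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
G = 2


def keypair():
    """DH keypair: private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# --- Model 1: recipient offline, only its long-term key is involved ---

def encrypt_to_long_term_key(recipient_pub: int, msg: bytes):
    """Sender mints a one-time exponent r and forgets it. The recipient never
    contributed anything fresh, so the plaintext is a function of what was
    recorded on the wire (R, ct) and the recipient's long-term secret alone."""
    r, R = keypair()
    ct = keystream_xor(kdf(pow(recipient_pub, r, P)), msg)
    del r
    return R, ct


def decrypt_with_long_term_key(recipient_priv: int, R: int, ct: bytes) -> bytes:
    return keystream_xor(kdf(pow(R, recipient_priv, P)), ct)


# --- Model 2: both online, session key from ephemeral exponents only ---

def interactive_session(msg: bytes):
    """Both parties mint one-time exponents, derive the key from those alone,
    encrypt, then discard them. Long-term keys would only authenticate the
    transcript (signing omitted here) and never enter the key derivation."""
    a, A = keypair()
    e, E = keypair()
    key = kdf(pow(E, a, P))
    assert key == kdf(pow(A, e, P))
    ct = keystream_xor(key, msg)
    del a, e, key  # forward secrecy rests on these being gone
    return (A, E), ct


def attacker_with_long_term_secrets(transcript, ct, *long_term_secrets):
    """Attacker recorded the transcript and later seized every long-term
    secret. Running the model-1 decryption recipe with them against the
    model-2 transcript yields only garbage candidates."""
    A, E = transcript
    return [keystream_xor(kdf(pow(pub, s, P)), ct)
            for s in long_term_secrets for pub in (A, E)]


def demo():
    msg = b"meet at the usual place, 20:00"  # constructed sample plaintext
    b, B = keypair()  # recipient's long-term key, used in both models
    s, S = keypair()  # sender's long-term key, also assumed leaked later

    R, ct1 = encrypt_to_long_term_key(B, msg)
    recovered_1 = decrypt_with_long_term_key(b, R, ct1)  # the old mail is readable

    transcript, ct2 = interactive_session(msg)
    candidates = attacker_with_long_term_secrets(transcript, ct2, b, s)
    return recovered_1, candidates, msg


if __name__ == "__main__":
    r1, cands, msg = demo()
    print("model 1, long-term key leaked later:", r1 == msg)
    print("model 2, all long-term keys leaked later:", msg in cands)
```

The point the code makes is the one in the comment: in the offline model the recorded ciphertext plus the long-term secret determines the plaintext, and no choice of algorithm changes that; in the interactive model the only secrets that ever unlocked the session were ephemeral, so their deletion is what makes past traffic unrecoverable.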

~~~
giomasce
BTW, by GPG I actually meant OpenPGP. The tool itself may have shortcomings,
but everyone is welcome to write another one that uses the same standard and
works better.

------
felipeerias
I've come to think of GPG as a case of retrofuturism, a vision of a future
that we naively imagined a long time ago, but that will never come to pass.
There won't be widespread use of GPG for secure communications, like we won't
get nuclear-powered cars or orchards on Venus.

By design, GPG leaks a lot about the conversation: sender, receiver, subject,
message size, encryption method used, approximate message size, time and date,
etc. Twenty years ago, the creators of the protocol probably didn't think that
it would be a big deal.

Nowadays, governments kill people based on far less metadata than that.

