
OpenPGP in Rust: The Sequoia Project - todsacerdoti
https://lwn.net/SubscriberLink/830902/b751810a99460a39/
======
d33
...I really don't want to sound entitled, but while you're at it, could you
please only keep the old CLI for compatibility purposes and come up with
something that can actually be used? GPG's command line is second only to the
one of openssl. And maybe git. It would really help adoption if usability was
improved. Having an API instead of just CLI might also help (doesn't Enigmail
just run the binary?)

~~~
amluto
Second to openssl? I would rank gpg as the worst by a considerable margin.

Although, come to think of it, tex and its relatives (pdflatex, etc) have
really quite terrible command line interfaces.

~~~
jcranmer
ffmpeg is pretty nasty as well, and I don't have much fondness for
ImageMagick's command line either.

~~~
smichel17
At least ffmpeg makes it easy to do the very easiest thing. I don't have to
look up this one:

    
    
        ffmpeg -i input.file output.file
    

Now, usually I want to do something more complicated, so I end up having to
look it up, but it's hardly the ffmpeg folks' fault that audio and video
encoding is such an ungodly mess of different containers and encodings; while
it could be better, I think most of its complexity is inherent to the problems
it's trying to solve. I do think there's an argument that it tries to do too
much, and the complexity could be mitigated if it were split into several
smaller tools and a wrapper for the most common commands, like apt.

------
valenciarose
All of my friends who work in crypto loathe PGP. None of them mention the
implementation as their __primary __area of concern. Some of them mention the
implementation as an unsurprising sequela to the kitchen sink of
“capabilities” PGP attempts to cover. It has, by design, a nearly fractal
surface area for users to compromise their security and for developers to make
subtle implementation errors.

~~~
upofadown
If you want to do store and forward messaging on a federated network then PGP
is pretty much it.

So if all those cryptographers don't like it then they should design something
better. It is unlikely they will be able to come up with something simpler.

------
tptacek
Alternatively: [https://github.com/str4d/rage](https://github.com/str4d/rage)

~~~
upofadown
Kind of lacks any sort of OpenPGP compatibility...

~~~
seanieb
Thats the point. PGP isn’t a good standard.

~~~
upofadown
Age/Rage is not a standard at all. It is just a program. It definitely has
nothing to do with a project intended to implement a particular standard. It
is a non-sequitor here.

~~~
pvg
PGP is a giant blob of byzantine implementation details and layers of accrued
crust that people call a standard by convention and out of inertia.

~~~
ifmpx
Being a giant blob of byzantine implementation details and layers of accrued
crust doesn't take away from PGP being a standard. Take a look at BMP or
Postscript/PDF or even Email and tell me they're not the same.

Parent's point still stands: PGP _is_ a standard (with widespread adoption,
mind you) whereas Age is not. Whether it is a good standard or not depends on
how you're using it.

~~~
pvg
The parent's point was that age is 'just a program' and thus not a standard,
with no mention of adoption. But PGP is arguably less of a standard than age,
by that metric. As to adoption, PGP has very little adoption for actually
securing anything (rather than performative use) and for those uses it's
trivially replaceable because it's not actually good at them - that's pretty
much the motivation behind things like 'age'.

------
upofadown
>Conceptually, Sequoia takes an identity-based approach to its public
keyrings, where the keyring is designed to be "more like a per-domain address
book than a PGP keyring."

I think this is the future for encrypted messaging of all types. Ultimately
the user needs some sort of conceptual model that will allow them to do
reasonable things. Making the identity a thing in and of itself removes a lot
of unneeded conceptual overhead.

That is as opposed to the current practice of simply ignoring the identity
issue and leaving the whole thing as a responsibility that the user has no
idea of how to deal with.

------
seanieb
Why? PGP needs to be deprecated in favor of things like AGE and Magic
Wormhole.

[https://github.com/FiloSottile/age](https://github.com/FiloSottile/age)

~~~
krick
If PGP is actually a bad standard from the crypto point of view I can only
wonder why people downvote this and insist on supporting garbage and even
rewriting it in Rust. But I'm not educated in these matters, so: what's
exactly the problem with PGP/Seqouia and why age/rage are better? Can all PGP
usecases be covered by age?

~~~
beefhash
age only covers authenticated encryption. minisign/signify covers the signing
part.

Everything else is either not used in practice or needs to be shifted to a
dedicated protocol.

------
anonymousse1234
Ahh the unending saga of people too lazy to read some GPG man pages and
proposing unfitting replacements.

Long live GPG!

