Crypto problems you actually need to solve

FWIW, UX plays a big part in controlling adoption. Apps like OpenSignal/TextSecure for encrypted communications make the whole process about as painless as possible. I downloaded TextSecure for Android and registered my number. I made my girlfriend download OpenSignal for iOS and register her number. I opened the app and saw her on my contacts (TextSecure will tell you which of your phone contacts already appear to have the app installed) and sent her a message. Boom. We're done. All of the tedious key-exchanges and whatnot were completely behind the scenes and we never had to deal with it directly. Those options are still there, and if I ever migrate to a new phone we'll probably have to do some kind of new exchange, but otherwise the "fun" of trying to manually exchange PGP keys was completely behind the scenes.

I&#x27;d be very excited to see more Free Software instant messaging applications support OMEMO (<a href="http:&#x2F;&#x2F;conversations.im&#x2F;omemo&#x2F;" rel="nofollow">http:&#x2F;&#x2F;conversations.im&#x2F;omemo&#x2F;</a>). It&#x27;s basically TextSecure&#x27;s Axolotl protocol with a few slight modifications. As such, it support multi-party OTR-like PFS and multiple devices. In contrast to TextSecure, Conversations (the first client to implement it) allows you to use it without having to install Google Play Services and makes it usable on a decentralized infrastructure (XMPP). If it became standard for Open Source messaging clients (whatever transport they use) to have Omemo built in and use it opportunistically, we might actually have a chance to provide usable crypto to the masses.

&gt; &quot;Making email and PGP easier to use is not only a UX issue.&quot;<p>Yes, but UX is still the biggest issue. By all means develop next gen crypto tech: but first, make what we have now usable by people who aren&#x27;t Unix people.<p>I would pay money for binaries of an Open Source GnuPG for OS X which wasn&#x27;t awful to use.<p>Not in a tarball, not assuming I want to use the command line, on gnupg.org (with the angry SHA1 certificate warning fixed), not linked to from there for &#x27;people who want GUIs&#x27;.

This is good, but getting &quot;well-known&quot; solutions actually used in practice is a very hard, and worthwhile problem. (This is not <i>just</i> &quot;PGP needs a better UI&quot;; it&#x27;s also &quot;how do I get embedded&#x2F;IoT developers to use half-decent crypto&quot;, &quot;bringing TLS into the 21st century&quot;, etc.)

Personally I&#x27;m hoping Google&#x2F;Yahoo&#x27;s End-To-End encryption tech goes somewhere. I really liked the idea behind the use of a gossip protocol to let everyone know what keys they had seen for a given user so that active attacks are not necessarily completely prevented, but are noticed.

I&#x27;d be glad if people stopped asking for PFS in email. Email can not have PFS. If you actually implements PFS over email, it becomes instant messaging.<p>Yes, you can cargo cult the PFS algorithms over the email infrastructure, but if you save the temporary key, it&#x27;s not PFS anymore, and guess what, if you want to save your message to reading later, you&#x27;ll have to save the temporary key too.