GPG and Me (2015)

<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9104188" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9104188</a><p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9872410" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9872410</a>

There is plenty of room for a better OpenPGP tool - a more opinionated one with a stronger focus on user-friendliness. But that&#x27;s a big task, and I guess less exciting than proposing a new crypto standard? (I&#x27;m especially baffled by Mailpile&#x27;s position that they don&#x27;t have the time or resources to produce a good OpenPGP library, but somehow could afford to produce a new from-scratch standard).<p>In the meantime, GPG is the best option. For me - without a public email address - an encrypted message is a good thing; it will be either an email from one of my technically oriented friends, or a notification from Facebook.

This blog post is not constructive. The points are redundant summaries of what everyone already knows, ad-hominem attacks users of gpg based on a straw-man presumption, and does not educate the reader about how to construct better alternatives.<p>Attacking GPG is &quot;an easy target&quot;, and is really cliché - you get to sound profound without actually doing anything constructive. All of the arguments against GPG have analogous counterparts against using X509, yet there is no out-of-the-blue chiding of people who &quot;would voluntarily use&quot; X509.

He&#x27;s not wrong. But after 25 years of nobody liking PGP, there&#x27;s still no alternative that addresses all of its shortcomings.

Please correct me if I am wrong, but as I understand it in GPG&#x27;s case perfect forward secrecy simply cannot be used. PFS can be used in frameworks where the two parties interact and can use DH or similar protocols to establish an ephemeral session key. In GPG models the two parties do not interact: the first one produces a ciphertext and the second one decrypts it possibly a lot of time later. In this model the plain text is by definition a function of the ciphertext and the secret key. The only way to circumvent it would be to change how maths work.<p>So, I do not think that GPG can be declared broken because it does not have PFS. It simply is targeted at use cases where this does not make sense (and there are valid examples of such use cases). If it is used in wrong ways or in context where other encryption schemes would be more suitable, then this is a user&#x27;s fault. I cannot really understand what the article&#x27;s author is proposing about fixing GPG problems.

I&#x27;ve come to think of GPG as a case of retrofuturism, a vision of a future that we naively imagined a long time ago, but that will never come to pass. There won&#x27;t be widespread use of GPG for secure communications, like we won&#x27;t get nuclear-powered cars or orchards in Venus.<p>By design, GPG leaks a lot about the conversation: sender, receiver, subject, message size, encryption method used, approximate message size, time and date, etc. Twenty years ago, the creators of the protocol probably didn&#x27;t think that it would be a big deal.<p>Nowadays, governments kill people based on far less metadata than that.