[Cryptography] Avoiding PGP

Kevin W. Wall kevin.w.wall at gmail.com
Thu Mar 15 17:22:32 EDT 2018


On Mar 15, 2018 3:50 AM, "Alexander Klimov via cryptography" <
cryptography at metzdowd.com> wrote:

> The problem only starts then none of the users is tech-savvy or only
one is and he cannot support the other. I think this is quite rare
use-case and it is very unlikely that someone without knowledge or
support will be able to use any cryptographic system securely, so we
should not blame GnuPG here.

Seriously? You think that is *rare* when only one user is tech savvy and
unable to provide sustained tech support for friends and family? Half of my
friends & family belongs to the "blinking twelve" club. Me trying to
explain WoT to them would certainly result in a deer-in-the-headlights
look. On the other hand, I don't even need to explain Signal to people. For
the most part, it's just install it and go, taking care to explain how to
note when 1 or more recipients are not using Signal and how that message is
not delivered with end-to-end encryption to those people.

So while I am not *blaming* GnuPG, it most definitely is harder for
non-technical folks to use. Also it is interesting to note that inside of
corporations, PGP and S/MIME email have largely been replaced with Identity
Based Encryption such as Voltage Secure Email. No need to explain that to
people.

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/  |  Twitter:  @KevinWWall
NSA: All your crypto bit are belong to us.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180315/0830db22/attachment.html>


More information about the cryptography mailing list