[Cryptography] Avoiding PGP

Neuhaus Stephan (neut) neut at zhaw.ch
Mon Mar 19 03:38:25 EDT 2018


(I apologise if the quoting comes out wrong, but the email client I'm forced to use, Outlook/Mac, doesn't do proper quoting.)

On 2018-03-18 22:22, "cryptography on behalf of Phillip Hallam-Baker" <cryptography-bounces+neut=zhaw.ch at metzdowd.com on behalf of phill at hallambaker.com> wrote:    
    
>    Perfect? Good grief... only if you haven't used any application developed since 1995 or so.
    
+1 to that. Perhaps not entirely coincidentally, the original "Why Johnny Can't Encrypt" article was from 1999: https://www.usenix.org/legacy/publications/library/proceedings/sec99/whitten.html
    
>    I was utterly dumfounded when I used the GPG plug in and received my first encrypted email and had to tell the app to decrypt it. No, that is not acceptable.

+2. Just this week I had the devil of a time finding out which of two keys (containing the same email address) Enigmail was using for encryption and it took me some shell-foo to find and eliminate the unwanted key. My grandma (if she were still alive) would probably not have managed that.
    
>    WoT sounds great until you realize that most people just use the keys on the MIT key server and make no effort to validate them whatsoever. So really good trust has been downgraded to none.
 
This problem also occurs with X.509-style PKI. People simply substitute "I'm not checking the WoT" for "I'm not checking the certificate". See, e.g., https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf, which also wins the prize for the article with the shortest abstract so far. Clearly, CAs also don't necessarily always validate the key, so it's not clear that substituting a CA for the user gets you anything.

IMO, WoT fails because the way it works is arcane; some of its assumptions are unwarranted; its default rules are arbitrary and not supported by evidence; and in order to understand whether you should trust a key according to WoT, you need fairly advanced knowledge of logic. Case in point: before we ditched the chapter on email encryption in our Security Basics course, we used to have a WoT exercise in our exams. If my grandma could have understood WoT, there would have been no point in doing that because all students would have received perfect scores on that exercise. (Assuming that students are cleverer than my grandma, who had almost no formal education.)
    
A slight tangent: I tend to avoid the word "trust" these days. It's too many things to too many people.

>    Neither is fit for purpose today.

+3
    
>    Vendors win because they can sell new stuff even if it isn't strictly necessary. 

I'm sure they'll like the sound of that.

Fun,

Stephan


