On Saturday, March 14, 2015, stef <s@ctrlc.hu> wrote:
On Sat, Mar 14, 2015 at 05:23:16AM +0000, David Leon Gil wrote:
> Like it being incompetently designed?
depends what the intended goal of said software is:
1/ winning a battle in the 1st cryptowars to make crypto exportable? i think
it brilliantly succeeded at this design goal.
2/ making cryptograms stand out as strong selectors thanks to all this juicy
plaintext metadata in the openpgp packet as defined per rfc4880. again, a
smashing success.
maybe if your usecase is not covered by the above two, maybe you should be
looking for another solution. people-with-hammers ;)
Fortunately, my goals do not include either of those. :) And I think my comment was somewhat unfair: The original OpenPGP standard was well thought out (but ultimately insecure). It just became a horrifying with three more major versions.
As this is cypherpunks: I wish more folks were working on making steganography for encrypted mail more practical. It seems, for example, entirely feasible, to encode encrypted mail as (nonsense but grammatical) sentences in the user's language. I would be happy to deploy a proposal that accomplished something like this with < ~25% overhead, which seems doable, but hard.
(This is something that will be essential for users in countries like China...)