Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]]

Mirimir mirimir at riseup.net
Fri Jan 16 17:02:40 PST 2015


On 01/16/2015 11:11 AM, Seth wrote:
> On Fri, 16 Jan 2015 01:48:02 -0800, odinn
> <odinn.cyberguerrilla at riseup.net> wrote:
>> And now here's the kicker:  This two-person team which they are trying
>> to get funded, IS NOT FUNDED!
>>
>> Take a look here:
>>
>> https://gnupg.org/index.html
>>
>> Again:
>>
>> NOT. FUNDED.
> 
> This line of argument seems to imply that throwing money at GnuPG will
> somehow fix its well-known usability issues. http://secushare.org/PGP

OK, I'll bite :)

| 1. Downgrade Attack: The risk of using it wrong.
...
| The mere existence of an e-mail address in the process is a problem.
...
| 2. The OpenPGP Format: You might as well run around the city naked.
...
| 3. Transaction Data: Mallory knows who you are talking to.

Well, correspondents ought to:
1) always use pseudonyms if they care about attribution;
2) avoid meaningful subject lines; and
3) use VPNs, JonDonym and Tor to obscure network connectivity.

Given that, why care that adversaries see OpenPGP?

| 4. No Forward Secrecy: It makes sense to collect it all.

So what? Just secure your shit properly!

| 5. Cryptogeddon: Time to upgrade cryptography itself?

Smart folk who care about attribution never put anything online that
links their pseudonyms to their real names. Just sayin'. And they rotate
their pseudonyms periodically. So stored messages go stale within a year
or two, tops.

| 6. Federation: Get off the inter-server super-highway.

That's prudent for stuff that matters. But OpenPGP is still good within
the transport layers.

| 7. Discovery: A Web of Trust you can't trust.

I've never used WoT, and tend to agree. WoT is especially impractical
because I don't at all mix meatspace and online activity. I am starting
to like Keybase, however.

I don't worry very much about sharing publicly who my conversation
partners are. I always use pseudonyms, and so do many of my conversation
partners. Sometimes we all use multiple pseudonyms, just for fun :)

| 8. PGP conflates non-repudiation and authentication.

Again, use those pseudonyms!

| 9. Statistical Analysis: Guessing on the size of messages.

Having my pseudonyms profiled doesn't worry me greatly.

| 10. Workflow: Group messaging with PGP is impractical.

Why bother? Just set up a Tor hidden-service forum, or whatever.

| 11. Complexity: Storing a draft in clear text on the server

I use both IMAP and POP, and I've never seen plaintext drafts stored on
the server. I believe that Enigmail's "convenient encryption settings"
(in particular "auto send encrypted") prevent this, as long as you have
the public key of the person whom you're drafting a message to. It's
also prudent to switch to manual mode, and to set "confirm before
sending" to "Always".

| 12. Overhead: DNS and X.509 require so much work.

Who's enslaved? One uses whatever tools are appropriate.

| 13. Targeted attacks against PGP key ids are possible

This is an advantage of Keybase. Then we're not depending on the KeyID,
or even on the fingerprint, but rather on an identity that's multiply
and independently authenticated.

| 14. TL;DR: I don't care. I've got nothing to hide.

I hide in many ways, and don't depend on message encryption ;) My
"preferences, habits and political views" are fragmented among multiple
unlinked personas. How to do that is one of my key soapbox topics ;)

| 15. The Bootstrap Fallacy: But my friends already have e-mail!

Again, it's a tool. But of course it's not the only tool.




More information about the cypherpunks mailing list