[HN Gopher] GPG and Me (2015)
       ___________________________________________________________________
        
       GPG and Me (2015)
        
       Author : todsacerdoti
       Score  : 39 points
       Date   : 2020-11-29 19:03 UTC (3 hours ago)
        
 (HTM) web link (moxie.org)
 (TXT) w3m dump (moxie.org)
        
       | ur-whale wrote:
       | Mostly agree with the content of the article, but he's not
       | offering anything in the way of anything better.
        
         | chejazi wrote:
         | > Instead of developing opinionated software with a simple
         | interface, GPG was written to be as powerful and flexible as
         | possible.
         | 
         | Moxie is the project lead for Signal, an encrypted messenger
         | (https://signal.org/). That is what he ultimately offered.
        
           | corty wrote:
           | Which is myopically focussing on encryption, not identity,
           | signing or authentication. You send your messages in signal
           | to someone, with no means to properly verify whom you are
           | sending to (except if you do a nonsensical secret (because
           | signal doesn't tell you to do it) dance of "send non-secret
           | hello, meet in person, verify fingerprints (which people are
           | supposedly unable to understand), send the secret stuff") or
           | who you are receiving from. Have fun sending all your
           | messages c/o your friendly secret service manipulating the
           | phone number exchange.
           | 
           | There are things signal does better than GPG, and there are
           | things it doesn't do at all. Which nobody tells you about
           | until you are bitten by the resulting problems.
        
       | sneak wrote:
       | I think about this article a lot.
       | 
       | I think this perhaps discounts the usefulness of GPG in specific
       | professional applications.
       | 
       | He's judging it on mass adoption; that's fine but it's not the
       | kind of tool that will ever be adopted by most people. It serves
       | a specific purpose (and shoehorning it into email isn't that) and
       | for that purpose I (and other competent professionals) still use
       | and trust it for that purpose.
       | 
       | I am also excited about new tools (like age, which will also
       | never have hundreds of millions of users) along these lines.
       | 
       | I think some similar criticisms could be levied against, say,
       | Adobe Premiere, even though it has an order of magnitude or two
       | more users than PGP (although perhaps not when you consider every
       | apt user in Debian and Debianlikes such as Ubuntu). Industrial
       | software for trained professionals has a lot of sharp corners and
       | footguns. Not all software is (or should be) Instagram.
       | 
       | He's 100% right that GPG email sucks, though. Don't use GPG for
       | email except when attaching secrets.
        
         | garmaine wrote:
         | > Don't use GPG for email except when attaching secrets.
         | 
         | Don't even do that. Find a different way to send those secrets.
        
           | corty wrote:
           | Never say something like that without offering a proper
           | replacement that is proveably more secure.
        
             | garmaine wrote:
              | The thing is it is less secure in many ways because you are
              | giving up on repudiability and using long-lived keys stored
              | on untrusted devices.
        
               | sneak wrote:
               | I store my PGP keys on smartcards, and some are entirely
               | offline.
        
       | surround wrote:
       | Perhaps the issue is with email itself. GPG is just a hack to
       | make email secure (and it can't even encrypt metadata). GPG has
       | such a small user base that we could ditch it at any time, but
       | email is so ubiquitous that we might be stuck with it for a long
       | time yet.
        
       | makach wrote:
        | GPG is a specific tool for specific messages. It represents
        | freedom and privacy. I have bigger problems with email than I
        | have with GPG.
        
         | akerl_ wrote:
         | What kinds of messages is it specifically for?
        
       | jchook wrote:
       | > Instead of developing opinionated software with a simple
       | interface, GPG was written to be as powerful and flexible as
       | possible. It's up to the user whether the underlying cipher is
       | SERPENT or IDEA or TwoFish.
       | 
       | IMO GPG doesn't owe its lack of widespread adoption to its
       | flexibility, learning curve, code cruft, forward secrecy, or
       | anything of the sort. Its various usability issues do not
       | preclude the creation of an opinionated and easy-to-use GUI
       | front-end.
       | 
       | Corporations like Google and the government want to read your
       | email. They could invest in private email communication but they
       | choose not to. Arguably the network effects of widespread
       | adoption of Gmail/Yahoo/etc even stifle folks pushing for GPG
       | adoption. While Gmail claims they no longer "read" your email
       | contents for ad purposes, your ISP most likely does[1], and no
       | doubt Google still uses the data for _something_.
       | 
       | According to Gilens et al[4], large corporations greatly
       | influence policy decisions, and now we have the entire Western
       | world trying[2] (and sometimes succeeding[3]) to effectively
       | outlaw private communications.
       | 
       | FastMail made a (thin) argument against using GPG[5], citing
       | various problems (like losing key = losing email, and email
       | search becomes hard). They also wax on some "transmit your key"
       | nonsense. However, none of this seems to stop ProtonMail from
       | making excellent use of GPG.
       | 
       | The OP envisions a future, better GPG where we "start fresh with
       | a different design philosophy" that includes things like forward
       | secrecy. IMO global adoption is equally as important as the
       | technology under the hood. Even if we started with GPG and
       | upgraded to a new protocol later, the tooling, integrations, and
       | ecosystem would benefit.
       | 
       | 1. https://www.consumerreports.org/consumerist/house-votes-
       | to-a...
       | 
       | 2. https://matrix.org/blog/2020/10/19/combating-abuse-in-
       | matrix...
       | 
       | 3. https://fee.org/articles/australia-s-unprecedented-
       | encryptio...
       | 
        | 4. https://scholar.princeton.edu/sites/default/files/mgilens/fi...
       | 
       | 5. https://fastmail.blog/2016/12/10/why-we-dont-offer-pgp/
       | 
       | 6. https://tools.ietf.org/html/draft-brown-pgp-pfs-03
        
       | samatman wrote:
       | It's worth noting that my use of GPG is completely disjoint from
       | everything moxie discusses here.
       | 
       | I use GPG to sign things. Git commits, mostly, but I've used it
       | to sign legal documents as well, and a small grab-bag of other
       | cases.
       | 
       | Is it the best for this application? It is not. Many of the
       | objectionable aspects of the PGP standard apply to signing as
       | well.
       | 
       | But also, yes, it is: it's supported by GitHub and GitLab, and if
       | any other way of signing commits is supported, I'm not aware of
       | that.
       | 
       | I'd be happy to switch to a better, modern cryptosystem for
       | signing things, if it were adequately supported.
       | 
       | What I never do, is use GPG for encrypted communication. Given
       | moxie's particular claim to fame, I don't blame him for focusing
       | on that application, and he is (of course) correct: if you're
       | using GPG to communicate 'securely', stop.
        
         | yosamino wrote:
         | > if you're using GPG to communicate 'securely', stop.
         | 
         | But then what do I use instead ? I have run into the problem
         | before and I can't seem to find a suitable replacement.
        
           | john_alan wrote:
           | The popular answer is Age.
        
         | tyingq wrote:
         | _" it's supported by GitHub and GitLab, and if any other way of
         | signing commits is supported, I'm not aware of that"_
         | 
         | X.509 is another option.
         | 
         | https://docs.github.com/en/free-pro-team@latest/github/authe...
         | 
         | https://docs.gitlab.com/ee/user/project/repository/x509_sign...
         | 
         | https://github.com/github/smimesign
        
         | rasengan wrote:
         | I think it depends on the type of communication being made,
         | when, why, etc.
         | 
         | For example, if someone wants to send you an anonymous message,
         | they could just reply right here to this thread with some blob
         | of PGP encrypted text, anonymously. Plausible deniability would
         | exist and, as well, metadata could easily be obfuscated. Here's
         | an example, but I'm not going to make a throwaway.
         | 
          | -----BEGIN PGP MESSAGE-----
          | Comment: GPG
          | 
          | hQIMA9gXRUOEWVQSAQ/9FppY6pK4P6xErZw9/M9UXtrUmRhKIWzorfXctiji0e8z
          | f/Qgx6sxlIHT5HHKvdhagMVcPL7GqdYUSlfNmiyXBq3jPvkYPzzFfxGeIRSefBQP
          | pHqo0vsMz9lZ572rtx2iIfBkPd0WDbzKEABID2REetJSaFUARoAKsiOaNUhIfoqd
          | rOnytETv63WBYVBdTimNgtkhTWtT9LVobrKv9EfTLfbErVgONWmuo3mXXRbeOswG
          | 50nqT7LQrV/nnzKj0Eq5nVjaIHiTo9EXwQgs3MGl8ZFAV45MWJ+7Sw9sbD/MpXhv
          | i/za17Z+MOsmZs0ja3iXq/8N+xKCqYJv2bMh9EzTZ6mOOwVDIUDi59+S7pA5QzJx
          | xGTwppJ9XDajdsvg91H+DCWgc8/Ln7/5FeC4F2QMhnjrF7KiR9qsux1mZfQbRFIs
          | T5krRzMOvbHgb3/br/wdxbWgIKYpVFJiUmIO502R0cWw3X6ni6zz9yybfHlzUCm3
          | FBDbi5NNY7tcs+gehtRcwhrjfDHoxRZ17oOnexmD9fYvQA5FWvt4UVG9TBwEawnh
          | BvBxhkuAgcMue2FgsiYlcWQ214FoXFuJSPlG8d01VcDmPLG5kXbNftwlS61dl6yW
          | dyk5yGZw9uR0BKpCuvDk7f8uURDj8p7t69+u2M08FPYyaNImtBtJV96ZWI1gjV3S
          | NwFPb/UKnqc/xQc6asORi5r7Mp/0PDFuasoInR8pp5rmIYHaJYzTQfdNxuL3aD5w
          | EAxDPMn+bCI=
          | =3DBv
          | -----END PGP MESSAGE-----
        
           | samatman wrote:
           | I was mildly disappointed that this doesn't appear to be
           | encrypted to my key, since I have Keybase in my profile ;)
           | 
           | The general shape of the argument against this, is you can
           | use age, and avoid the many well-documented problems with the
           | OpenPGP standard.
           | 
           | More people have PGP keys, naturally, but that's a bit of a
           | chicken-and-egg problem. By the time you're messing with
           | cloak-and-dagger stuff like dead drops on public message
           | boards, taking the extra effort to set up to use a better
           | cryptosystem strikes me as relatively minor.
        
             | rasengan wrote:
             | Ah! I did encrypt it for: rsa4096/D817454384595412
             | 2019-12-24
             | 
                | I had to put in extra \n's because it looked weird on HN so
                | maybe that's throwing it off ;o
        
               | tmp538394722 wrote:
               | _clears throat_
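
        As an added example (my code, not from the thread and not GnuPG's),
        the Python below does by machine what samatman tried to do by eye:
        it strips the armor, checks the CRC-24 trailer, walks the packet
        headers and reads the recipient key ID out of the Public-Key
        Encrypted Session Key packet, all without any private key. The
        armored text is rasengan's blob re-joined on the assumption that HN
        split each 64-column armor line into 63 characters plus a
        one-character line; if that assumption is wrong the CRC check
        reports it (crc_ok is False) while the packet walk still parses
        whatever it can. Packet header, PKESK and CRC-24 formats follow
        RFC 4880 sections 4.2, 5.1 and 6.1.

```python
# Added example (not code from the thread or from GnuPG): inspect an
# ASCII-armored OpenPGP message without decrypting it (RFC 4880 4.2/5.1/6.1).
import base64

# rasengan's blob, re-joined assuming HN wrapped 64-column lines as 63 + 1.
ARMORED = """-----BEGIN PGP MESSAGE-----
Comment: GPG

hQIMA9gXRUOEWVQSAQ/9FppY6pK4P6xErZw9/M9UXtrUmRhKIWzorfXctiji0e8z
f/Qgx6sxlIHT5HHKvdhagMVcPL7GqdYUSlfNmiyXBq3jPvkYPzzFfxGeIRSefBQP
pHqo0vsMz9lZ572rtx2iIfBkPd0WDbzKEABID2REetJSaFUARoAKsiOaNUhIfoqd
rOnytETv63WBYVBdTimNgtkhTWtT9LVobrKv9EfTLfbErVgONWmuo3mXXRbeOswG
50nqT7LQrV/nnzKj0Eq5nVjaIHiTo9EXwQgs3MGl8ZFAV45MWJ+7Sw9sbD/MpXhv
i/za17Z+MOsmZs0ja3iXq/8N+xKCqYJv2bMh9EzTZ6mOOwVDIUDi59+S7pA5QzJx
xGTwppJ9XDajdsvg91H+DCWgc8/Ln7/5FeC4F2QMhnjrF7KiR9qsux1mZfQbRFIs
T5krRzMOvbHgb3/br/wdxbWgIKYpVFJiUmIO502R0cWw3X6ni6zz9yybfHlzUCm3
FBDbi5NNY7tcs+gehtRcwhrjfDHoxRZ17oOnexmD9fYvQA5FWvt4UVG9TBwEawnh
BvBxhkuAgcMue2FgsiYlcWQ214FoXFuJSPlG8d01VcDmPLG5kXbNftwlS61dl6yW
dyk5yGZw9uR0BKpCuvDk7f8uURDj8p7t69+u2M08FPYyaNImtBtJV96ZWI1gjV3S
NwFPb/UKnqc/xQc6asORi5r7Mp/0PDFuasoInR8pp5rmIYHaJYzTQfdNxuL3aD5w
EAxDPMn+bCI=
=3DBv
-----END PGP MESSAGE-----
"""

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB


def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def dearmor(text: str):
    """Return (armor headers, packet bytes, crc_ok); crc_ok is None without a trailer."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an OpenPGP armor block")
    body, headers, i = lines[1:-1], {}, 0
    while i < len(body) and body[i].strip():  # headers run until the blank line
        key, _, value = body[i].partition(": ")
        headers[key] = value
        i += 1
    data_lines = [ln.strip() for ln in body[i + 1:] if ln.strip()]
    expected = None
    if data_lines and data_lines[-1].startswith("="):  # "=XXXX" CRC-24 trailer
        expected = int.from_bytes(base64.b64decode(data_lines.pop()[1:]), "big")
    data = base64.b64decode("".join(data_lines))
    return headers, data, None if expected is None else crc24(data) == expected


def parse_pkesk(body: bytes) -> dict:
    key_id = body[1:9].hex().upper()  # version octet, then 8-octet recipient key ID
    # gpg --throw-keyids / --hidden-recipient writes an all-zero key ID here
    return {"version": body[0], "key_id": key_id, "algo": body[9],
            "hidden_recipient": key_id == "0" * 16}


def parse_packets(data: bytes) -> list:
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"bad packet tag byte at offset {pos}")
        if ctb & 0x40:  # new format: tag in low 6 bits, variable-width length
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hlen = first, 2
            elif first < 224:
                length, hlen = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hlen = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old format: tag in bits 2-5, length-type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            hlen = 1 + (1 << ltype)
            length = int.from_bytes(data[pos + 1:pos + hlen], "big")
        body = data[pos + hlen:pos + hlen + length]
        packet = {"tag": tag, "length": length}
        if tag == 1:
            packet.update(parse_pkesk(body))
        packets.append(packet)
        pos += hlen + length
    return packets


def inspect_message(armored: str) -> dict:
    headers, data, crc_ok = dearmor(armored)
    return {"headers": headers, "crc_ok": crc_ok, "packets": parse_packets(data)}


def armor(data: bytes, kind: str = "PGP MESSAGE") -> str:
    """Inverse of dearmor: 64-column base64 plus the CRC-24 trailer."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN {kind}-----\n\n{body}\n={crc}\n-----END {kind}-----\n"
```

        inspect_message(ARMORED) reports two packets: a tag-1 PKESK of 524
        bytes (version 3, algorithm 1 = RSA, key ID D817454384595412, the
        same ID rasengan quotes) followed by a tag-18 encrypted-data packet
        of 55 bytes. That key ID is exactly the metadata a public dead drop
        leaks to everyone who reads the thread: a recipient who has
        published that key on a keyserver or on Keybase is identified
        without anyone decrypting a byte. gpg --throw-keyids (or
        --hidden-recipient for one recipient) zeroes the field, at the cost
        of every reader having to try each of their secret keys; the
        hidden_recipient flag in the output marks that case.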
        
       | drexlspivey wrote:
        | Another one from 2016:
        | https://blog.filippo.io/giving-up-on-long-term-pgp/
        
       | quadrifoliate wrote:
       | > The journalists who depend on it struggle with it and often
       | mess up ("I send you the private key to communicate privately,
       | right?"), the activists who use it do so relatively sparingly
       | ("wait, this thing wants my finger print?"), and no other sane
       | person is willing to use it by default.
       | 
       | I used to think that the GPG web-of-trust verification in person
       | was antiquated and no one would do it in practice. Which they
       | don't.
       | 
       | With Signal, when someone changes their phone, or reinstalls
       | Signal, or one of five other things, I am supposed to...verify
       | their "safety number" in person.
       | 
       | I am not smart enough to make meaningful comments about
       | cryptography, but the expectations from the _user_ to verify
       | things in real life seem the same in both cases.
       | 
       | Am I just wrong here, or understanding something wrong? I swear
       | everyone I talk to on Signal has changed their safety numbers at
       | least once in the last couple years. Should I not talk to them
       | any more until I verify those in person?
        
         | movedx wrote:
         | > Should I not talk to them any more until I verify those in
         | person?
         | 
         | It depends on your threat model.
         | 
         | If you're a journalist talking to sources, then you should
         | probably put down the phone and reach out through some other
         | equally secure channel to confirm they're the ones who have
         | changed their safety number (and even then, at this kind of
         | level I'd have an "under duress" safe word.)
         | 
         | If you're like me and you're browsing Hacker News in your
         | underwear shouting at people's posts because they're wrong
         | about Go, you're probably OK to assume your mate just changed
         | their phone.
        
       | psanford wrote:
       | This is from 2015.
        
       | aborsy wrote:
       | PGP is secure and usable if you can manage keys.
       | 
        | The issue with the adoption is not so much the protocol itself:
        | the average user has no idea what (asymmetric) encryption is and
        | will never manage keys; the process has to be automated and be
        | provided by default.
       | 
       | To use PGP, you need GnuPG, and, say, Thunderbird+Enigmail. These
       | are the barriers to adoption not the PGP protocol (which still
       | could be updated).
       | 
       | Automating key management and encryption is what ProtonMail and
       | other apps are trying to do. Google could include PGP in Gmail
       | and it will be widely adopted over night.
        
       | tao_oat wrote:
       | Moxie is just one of several security experts who are fed up with
       | PGP. For a similar article see [What's the matter with PGP?][1]
       | or [The PGP Problem][2].
       | 
        | [1]: https://blog.cryptographyengineering.com/2014/08/13/whats-
        | ma...
        | [2]: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
        
         | upofadown wrote:
         | My response to "The PGP Problem":
         | 
         | * https://articles.59.ca/doku.php?id=pgpfan:tpp
        
         | floatingatoll wrote:
         | FWIW, that markup doesn't work here.
        
           | bronson wrote:
           | It's still more readable than just inlining the urls.
        
       | floatingatoll wrote:
       | This post is not a complaint about GPG, it's a complaint about
       | the people who use GPG to contact Moxie.
       | 
       | > _There just seems to be something particular about people who
       | try GPG and conclude that it's a realistic path to introducing
       | private communication in their lives for casual correspondence
       | with strangers._
       | 
       | Moxie's objection is that people who initiate with GPG are more
       | often a waste of his time than people who do not. I think Moxie
       | is right, and remains right today, about this point.
       | 
       | I would consider it impolite/rude to use GPG to email someone
       | with whom I have no existing relationship, unless explicitly
       | directed to do so for professional use. When PGP was young I
       | would attach a signature, but over time I found that this
       | cheapened my conversations and set a tone I didn't consider
       | acceptable to use with others.
       | 
       | If someone blind emailed me with a GPG encrypted message, I would
       | delete it without attempting to decrypt it and block the sender,
       | because clearly they have no clue what they're doing, and I don't
       | have time for that. So, then, I remain in agreement with the
       | (2015) Moxie that posted this.
        
       | geoah wrote:
       | Original discussion (2015) on this had some pretty interesting
       | opinions on the matter,
       | https://news.ycombinator.com/item?id=16057579
        
       | upofadown wrote:
       | I've recently spent a fair bit of time thinking about where
       | encrypted messaging has been and where it ended up...
       | 
       | Yes, PGP sucks. Unfortunately everything else sucks as well.
       | 
       | Signal Messenger is as good an example as anything. To use it
       | effectively you need to know these concepts:
       | 
       | * What safety numbers are. Why you need to use them to establish
       | an identity for a contact. Why you need to do something when they
       | unexpectedly change. What that something is that you need to do.
       | 
       | * Why you can't keep around old messages if you want forward
       | secrecy. What forward secrecy is and why you might want it.
       | 
       | * What deniability is. What you have to do if you want to attempt
       | to exercise it.
       | 
       | Note that Signal ended up making it significantly easier to
       | ignore the change of safety numbers some years ago. The users
       | simply were bothered with no idea of why it was important.
       | 
       | Public key cryptography is complicated and involves multiple
       | basic concepts that need to be learned if you are going to use it
       | for messaging. Making things more complicated and adding features
       | as in the case of Signal protocol does not help if it adds to the
       | list of concepts. We haven't yet come to terms with the basic
       | stuff.
       | 
       | There seems to be a cycle here. Someone comes out with a cool new
       | thing. Regular people fail to be able to use that thing. No one
       | seems to know why. Repeat. Signal is a good current example of
       | that.
       | 
       | The thing is, the root cause has been known for something like 20
       | years now. I will leave with a quote from the classic encrypted
       | messaging study, Why Johnny Can't Encrypt:
       | 
       | >... it is clear that there is a need to communicate an accurate
       | conceptual model of the security to the user as quickly as
       | possible. The smaller and simpler that conceptual model is, the
       | more plausible it will be that we can succeed in doing so.
        
       ___________________________________________________________________
       (page generated 2020-11-29 23:00 UTC)