[HN Gopher] GPG and Me (2015)
___________________________________________________________________
GPG and Me (2015)
Author : todsacerdoti
Score  : 39 points
Date   : 2020-11-29 19:03 UTC (3 hours ago)
web link (moxie.org)

| ur-whale wrote:
| Mostly agree with the content of the article, but he's not offering anything in the way of anything better.
| chejazi wrote:
| > Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible.
|
| Moxie is the project lead for Signal, an encrypted messenger (https://signal.org/). That is what he ultimately offered.
| corty wrote:
| Which is myopically focussing on encryption, not identity, signing or authentication. You send your messages in signal to someone, with no means to properly verify whom you are sending to (except if you do a nonsensical secret (because signal doesn't tell you to do it) dance of "send non-secret hello, meet in person, verify fingerprints (which people are supposedly unable to understand), send the secret stuff") or who you are receiving from. Have fun sending all your messages c/o your friendly secret service manipulating the phone number exchange.
|
| There are things signal does better than GPG, and there are things it doesn't do at all. Which nobody tells you about until you are bitten by the resulting problems.
| sneak wrote:
| I think about this article a lot.
|
| I think this perhaps discounts the usefulness of GPG in specific professional applications.
|
| He's judging it on mass adoption; that's fine but it's not the kind of tool that will ever be adopted by most people. It serves a specific purpose (and shoehorning it into email isn't that) and for that purpose I (and other competent professionals) still use and trust it for that purpose.
|
| I am also excited about new tools (like age, which will also never have hundreds of millions of users) along these lines.
|
| I think some similar criticisms could be levied against, say, Adobe Premiere, even though it has an order of magnitude or two more users than PGP (although perhaps not when you consider every apt user in Debian and Debianlikes such as Ubuntu). Industrial software for trained professionals has a lot of sharp corners and footguns. Not all software is (or should be) Instagram.
|
| He's 100% right that GPG email sucks, though. Don't use GPG for email except when attaching secrets.
| garmaine wrote:
| > Don't use GPG for email except when attaching secrets.
|
| Don't even do that. Find a different way to send those secrets.
| corty wrote:
| Never say something like that without offering a proper replacement that is provably more secure.
| garmaine wrote:
| The thing is it is less secure in many ways because you are giving up on reputability and using long-lived keys stored on untrusted devices.
| sneak wrote:
| I store my PGP keys on smartcards, and some are entirely offline.
| surround wrote:
| Perhaps the issue is with email itself. GPG is just a hack to make email secure (and it can't even encrypt metadata). GPG has such a small user base that we could ditch it at any time, but email is so ubiquitous that we might be stuck with it for a long time yet.
| makach wrote:
| GPG is a specific tool for specific messages. It represents freedom and privacy. I have bigger problems with email than I have with GPG.
| akerl_ wrote:
| What kinds of messages is it specifically for?
| jchook wrote:
| > Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It's up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish.
|
| IMO GPG doesn't owe its lack of widespread adoption to its flexibility, learning curve, code cruft, forward secrecy, or anything of the sort. Its various usability issues do not preclude the creation of an opinionated and easy-to-use GUI front-end.
|
| Corporations like Google and the government want to read your email. They could invest in private email communication but they choose not to. Arguably the network effects of widespread adoption of Gmail/Yahoo/etc even stifle folks pushing for GPG adoption. While Gmail claims they no longer "read" your email contents for ad purposes, your ISP most likely does[1], and no doubt Google still uses the data for _something_.
|
| According to Gilens et al[4], large corporations greatly influence policy decisions, and now we have the entire Western world trying[2] (and sometimes succeeding[3]) to effectively outlaw private communications.
|
| FastMail made a (thin) argument against using GPG[5], citing various problems (like losing key = losing email, and email search becomes hard). They also wax on some "transmit your key" nonsense. However, none of this seems to stop ProtonMail from making excellent use of GPG.
|
| The OP envisions a future, better GPG where we "start fresh with a different design philosophy" that includes things like forward secrecy. IMO global adoption is equally as important as the technology under the hood. Even if we started with GPG and upgraded to a new protocol later, the tooling, integrations, and ecosystem would benefit.
|
| 1. https://www.consumerreports.org/consumerist/house-votes-to-a...
|
| 2. https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix...
|
| 3. https://fee.org/articles/australia-s-unprecedented-encryptio...
|
| 4. https://scholar.princeton.edu/sites/default/files/mgilens/fi...
|
| 5. https://fastmail.blog/2016/12/10/why-we-dont-offer-pgp/
|
| 6.
https://tools.ietf.org/html/draft-brown-pgp-pfs-03
| samatman wrote:
| It's worth noting that my use of GPG is completely disjoint from everything moxie discusses here.
|
| I use GPG to sign things. Git commits, mostly, but I've used it to sign legal documents as well, and a small grab-bag of other cases.
|
| Is it the best for this application? It is not. Many of the objectionable aspects of the PGP standard apply to signing as well.
|
| But also, yes, it is: it's supported by GitHub and GitLab, and if any other way of signing commits is supported, I'm not aware of that.
|
| I'd be happy to switch to a better, modern cryptosystem for signing things, if it were adequately supported.
|
| What I never do, is use GPG for encrypted communication. Given moxie's particular claim to fame, I don't blame him for focusing on that application, and he is (of course) correct: if you're using GPG to communicate 'securely', stop.
| yosamino wrote:
| > if you're using GPG to communicate 'securely', stop.
|
| But then what do I use instead? I have run into the problem before and I can't seem to find a suitable replacement.
| john_alan wrote:
| The popular answer is Age.
| tyingq wrote:
| _"it's supported by GitHub and GitLab, and if any other way of signing commits is supported, I'm not aware of that"_
|
| X.509 is another option.
|
| https://docs.github.com/en/free-pro-team@latest/github/authe...
|
| https://docs.gitlab.com/ee/user/project/repository/x509_sign...
|
| https://github.com/github/smimesign
| rasengan wrote:
| I think it depends on the type of communication being made, when, why, etc.
|
| For example, if someone wants to send you an anonymous message, they could just reply right here to this thread with some blob of PGP encrypted text, anonymously. Plausible deniability would exist and, as well, metadata could easily be obfuscated. Here's an example, but I'm not going to make a throwaway.
| samatman wrote:
| I was mildly disappointed that this doesn't appear to be encrypted to my key, since I have Keybase in my profile ;)
|
| The general shape of the argument against this, is you can use age, and avoid the many well-documented problems with the OpenPGP standard.
|
| More people have PGP keys, naturally, but that's a bit of a chicken-and-egg problem. By the time you're messing with cloak-and-dagger stuff like dead drops on public message boards, taking the extra effort to set up to use a better cryptosystem strikes me as relatively minor.
| rasengan wrote:
| Ah!
I did encrypt it for: rsa4096/D817454384595412 2019-12-24
|
| I had to put in extra \n's because it looked weird on HN so maybe that's throwing it off ;o
| tmp538394722 wrote:
| _clears throat_
| drexlspivey wrote:
| Another one from 2016: https://blog.filippo.io/giving-up-on-long-term-pgp/
| [deleted]
| quadrifoliate wrote:
| > The journalists who depend on it struggle with it and often mess up ("I send you the private key to communicate privately, right?"), the activists who use it do so relatively sparingly ("wait, this thing wants my finger print?"), and no other sane person is willing to use it by default.
|
| I used to think that the GPG web-of-trust verification in person was antiquated and no one would do it in practice. Which they don't.
|
| With Signal, when someone changes their phone, or reinstalls Signal, or one of five other things, I am supposed to...verify their "safety number" in person.
|
| I am not smart enough to make meaningful comments about cryptography, but the expectations from the _user_ to verify things in real life seem the same in both cases.
|
| Am I just wrong here, or understanding something wrong? I swear everyone I talk to on Signal has changed their safety numbers at least once in the last couple years. Should I not talk to them any more until I verify those in person?
| movedx wrote:
| > Should I not talk to them any more until I verify those in person?
|
| It depends on your threat model.
|
| If you're a journalist talking to sources, then you should probably put down the phone and reach out through some other equally secure channel to confirm they're the ones who have changed their safety number (and even then, at this kind of level I'd have an "under duress" safe word.)
|
| If you're like me and you're browsing Hacker News in your underwear shouting at people's posts because they're wrong about Go, you're probably OK to assume your mate just changed their phone.
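The rasengan/samatman exchange above raises two checks a recipient can make before trying to decrypt: whether the armored blob survived the forum's line breaks (the armor carries a CRC-24), and which key it is addressed to, which is readable from the leading Public-Key Encrypted Session Key packet without any private key (what `gpg --list-packets` reports). Added example, not code from the thread or from GnuPG: a minimal Python parser that does both offline, and that reproduces the damage rasengan describes (a stray newline pushed into each base64 line) to show tolerant whitespace handling recovering it. The armored message is constructed here; it reuses the key ID rasengan quotes but contains filler instead of a real encrypted session key.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """Armor checksum, RFC 4880 section 6.1 (init 0xB704CE, polynomial 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def build_sample_message() -> str:
    # Constructed sample: recipient key ID as quoted in the thread; the session-key MPI is filler.
    body = b"\x03" + bytes.fromhex("D817454384595412") + b"\x01" + b"\x00\x08\x5a"  # v3, key ID, RSA, MPI
    pkesk = bytes([0x80 | (1 << 2), len(body)]) + body             # tag 1, old-format, 1-byte length
    packets = pkesk + bytes([0xC0 | 18, 8]) + b"\x00" * 8          # tag 18 (SEIP), filler body
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP MESSAGE-----\nComment: constructed\n\n{base64.b64encode(packets).decode()}\n={crc}\n-----END PGP MESSAGE-----\n"

def hn_mangle(armored: str) -> str:  # mimic the thread's damage: last char of each long base64 line on its own line
    return "\n".join(l[:-1] + "\n" + l[-1] if re.fullmatch(r"[A-Za-z0-9+/=]{8,}", l) else l
                     for l in armored.splitlines()) + "\n"

def dearmor(text: str) -> bytes:
    """Recover the packet bytes, ignoring stray line breaks, then verify the CRC-24 as gpg does."""
    m = re.search(r"-----BEGIN PGP MESSAGE-----\n(.*?)-----END PGP MESSAGE-----", text, re.S)
    if not m: raise ValueError("no armored message found")
    lines = [l.strip() for l in m.group(1).splitlines() if not re.fullmatch(r"\w+: .*", l.strip())]
    crc_line = next(l for l in lines if re.fullmatch(r"=[A-Za-z0-9+/]{4}", l))  # the "=XXXX" line
    data = base64.b64decode("".join(l for l in lines if l != crc_line), validate=True)
    if crc24(data) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("armor checksum mismatch")
    return data

def pkesk_key_ids(data: bytes) -> list:
    """Key ID of each leading PKESK (tag 1) packet; gpg writes them ahead of the encrypted data."""
    ids, i = [], 0
    while i < len(data):
        ctb = data[i]
        if ctb & 0x40:                                   # new-format header (RFC 4880 4.2.2)
            tag, first = ctb & 0x3F, data[i + 1]
            hdr, length = (2, first) if first < 192 else (3, ((first - 192) << 8) + data[i + 2] + 192)
        else:                                            # old-format header (RFC 4880 4.2.1)
            tag, hdr = (ctb >> 2) & 0x0F, 1 + (1 << (ctb & 3))
            length = int.from_bytes(data[i + 1:i + hdr], "big")
        if tag != 1: break                               # first non-PKESK packet: stop walking
        ids.append(data[i + hdr + 1:i + hdr + 9].hex().upper())  # version(1) | key ID(8) | algo(1)
        i += hdr + length
    return ids
```

The parser only walks the PKESK packets at the front of the message, so it never needs the 5-octet or partial body lengths used by the encrypted data packet that follows them.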
| psanford wrote:
| This is from 2015.
| aborsy wrote:
| PGP is secure and usable if you can manage keys.
|
| The issue with the adoption is not much the protocol itself: the average user has no idea what (asymmetric) encryption is and will never manage keys; the process has to be automated and be provided by default.
|
| To use PGP, you need GnuPG, and, say, Thunderbird+Enigmail. These are the barriers to adoption not the PGP protocol (which still could be updated).
|
| Automating key management and encryption is what ProtonMail and other apps are trying to do. Google could include PGP in Gmail and it will be widely adopted overnight.
| tao_oat wrote:
| Moxie is just one of several security experts who are fed up with PGP. For a similar article see [What's the matter with PGP?][1] or [The PGP Problem][2].
|
| [1]: https://blog.cryptographyengineering.com/2014/08/13/whats-ma...
| [2]: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
| upofadown wrote:
| My response to "The PGP Problem":
|
| * https://articles.59.ca/doku.php?id=pgpfan:tpp
| floatingatoll wrote:
| FWIW, that markup doesn't work here.
| bronson wrote:
| It's still more readable than just inlining the urls.
| floatingatoll wrote:
| This post is not a complaint about GPG, it's a complaint about the people who use GPG to contact Moxie.
|
| > _There just seems to be something particular about people who try GPG and conclude that it's a realistic path to introducing private communication in their lives for casual correspondence with strangers._
|
| Moxie's objection is that people who initiate with GPG are more often a waste of his time than people who do not. I think Moxie is right, and remains right today, about this point.
|
| I would consider it impolite/rude to use GPG to email someone with whom I have no existing relationship, unless explicitly directed to do so for professional use.
When PGP was young I would attach a signature, but over time I found that this cheapened my conversations and set a tone I didn't consider acceptable to use with others.
|
| If someone blind emailed me with a GPG encrypted message, I would delete it without attempting to decrypt it and block the sender, because clearly they have no clue what they're doing, and I don't have time for that. So, then, I remain in agreement with the (2015) Moxie that posted this.
| geoah wrote:
| Original discussion (2015) on this had some pretty interesting opinions on the matter, https://news.ycombinator.com/item?id=16057579
| upofadown wrote:
| I've recently spent a fair bit of time thinking about where encrypted messaging has been and where it ended up...
|
| Yes, PGP sucks. Unfortunately everything else sucks as well.
|
| Signal Messenger is as good an example as anything. To use it effectively you need to know these concepts:
|
| * What safety numbers are. Why you need to use them to establish an identity for a contact. Why you need to do something when they unexpectedly change. What that something is that you need to do.
|
| * Why you can't keep around old messages if you want forward secrecy. What forward secrecy is and why you might want it.
|
| * What deniability is. What you have to do if you want to attempt to exercise it.
|
| Note that Signal ended up making it significantly easier to ignore the change of safety numbers some years ago. The users simply were bothered with no idea of why it was important.
|
| Public key cryptography is complicated and involves multiple basic concepts that need to be learned if you are going to use it for messaging. Making things more complicated and adding features as in the case of Signal protocol does not help if it adds to the list of concepts. We haven't yet come to terms with the basic stuff.
|
| There seems to be a cycle here. Someone comes out with a cool new thing.
Regular people fail to be able to use that thing. No one seems to know why. Repeat. Signal is a good current example of that.
|
| The thing is, the root cause has been known for something like 20 years now. I will leave with a quote from the classic encrypted messaging study, Why Johnny Can't Encrypt:
|
| >... it is clear that there is a need to communicate an accurate conceptual model of the security to the user as quickly as possible. The smaller and simpler that conceptual model is, the more plausible it will be that we can succeed in doing so.
___________________________________________________________________
(page generated 2020-11-29 23:00 UTC)