Florian Berger said [Sun, Feb 25, 2024 at 12:13:33PM +0000]:
Hello everyone,
Hello Florian,
I have a question about the general state of the PGP ecosystem, and Sequoia's role in it, and I hope this is the right place to ask. If not, apologies, and kindly direct me somewhere more fitting.
I will bite. I first and foremost must disclose I'm not related to Sequoia in any way other than considering them to be a highly competent and very friendly team, creating great software.
I had been an avid user and advocate of PGP until some time in 2018/2018, when first Efail surfaced (with its infamous "Don't use HTML mails" workaround [1]), and then the keyserver attacks followed. [2] In summer 2019, Latacora's "The PGP Problem" was published [3], spurring a (...) Now it's 2024, people still encrypt email using PGP, Thunderbird incorporated PGP in 2020, Sequoia goes in its 7th year with increasing adoption, and I, after a long break, am trying to find out what is actually going on.
My question: Is PGP, as a technology, merely on life support, and should still be generally avoided – or has it, given younger implementations such as Sequoia, become viable again as a future-proof foundation for communication, authentication etc.?
PGP has had more than a fair share of usability issues --- and its documented awfulness goes way earlier than what you describe. Think 1999¹... With many, many follow-ups.
¹ "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0", by Alma Whitten and Doug Tygar; USENIX Security Symposium, https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten.ps
An even more mind-boggling issue is that this was even before the creation of GnuPG... Which recreated the usability issues in any preceding version of OpenPGP-handling tools (OpenPGP is the name of the standard published in 2007).
The terrible usability of OpenPGP tools has always been defended because of the amount of complicated things the tools must provide to the user. I must say, Sequoia has greatly improved over GnuPG's, but is still quite hard for the non-initiated.
But no, I don't think your last paragraph is faithful to the truth. Of course, OpenPGP is not the standard you are looking for if you want easy-to-do encryption for the masses... but it's great for many use cases.
Back in the day, I was especially worried about the lack of forward secrecy, keys as long term secrets and impractical identity tokens, the public WoT, and the overall complexity of the system design.
Forward secrecy is important when you are having a chat, such as with instant messengers. But if you are signing a binding document, you clearly don't want it! If you want a document to remain linked to the identity that approved it several years ago, perfect forward secrecy buys you nothing.
The public WoT is impractical if you want to find trust paths among the nontechnical population at large, but is still one of the most important characteristics of OpenPGP for many projects (in this case, I _can_ talk about my own experience, as I'm one of the responsible people for the Debian project's OpenPGP keyring for close to 15 years).
That of course is a broad and somewhat audacious question. I am merely looking for an overview of the state of affairs from a Sequoia perspective, or respective pointers/links, since even Wikipedia just seems to sum up the status quo as "PGP and OpenPGP have been criticized". [9]
In my opinion, it has been great that "Off-The-Record" (OTR) appeared with the characteristics you highlight. It is the right encryption method for a centralized instant-messaging application, and its Trust-On-First-Use trust conveying mode is just genius for some applications.
The world is much larger than that, however. Yes, there are billions of users of TLS- or OTR-based encryption in its different forms, and probably we are in the tens-of-thousands of people using OpenPGP on a daily basis. But for tens of thousands of people, it serves to solve an important problem. And I'm more than happy that people such as Sequoia's great team are behind it!
- Gunnar.