Hello everyone,
I have a question about the general state of the PGP ecosystem, and Sequoia's role in it, and I hope this is the right place to ask. If not, apologies, and kindly direct me somewhere more fitting.
I had been an avid user and advocate of PGP until some time in 2018/2018, when first Efail surfaced (with its infamous "Don't use HTML mails" workaround [1]), and then the keyserver attacks followed. [2] In summer 2019, Latacora's "The PGP Problem" was published [3], spurring a considerable level of agreement within the community [4], and even from GnuPG development [5]. Researching these, I stumbled across even earlier PGP rejections, such as by Matthew Green in 2014 [6] and by Filipo Valsorda in 2016 [7]. And then there is secushare's "15 reasons not to start using PGP" [8].
I know that some of the criticism is about PGP as a technology, and quite a few are about the GnuPG implementation. Nonetheless, I subsequently made a hard cut, abandoned PGP-encrypted email altogether, moved sensitive communication to Signal, and tried to bring the matter to the attention of colleagues, friends and family, with varying degrees of success. Then, for some years, I ignored everything around PGP, and basically waited for it to die.
Not it's 2024, people still encrypt email using PGP, Thunderbird incorporated PGP in 2020, Sequoia goes in its 7th year with increasing adoption, and I, after a long break, am trying to find out what is actually going on.
My question: Is PGP, as a technology, merely on life support, and should still be generally avoided – or has it, given younger implementations such as Sequoia, become viable again as a future-proof foundation for communication, authentication etc.?
Back in the day, I was especially worried about the lack of forward secrecy, keys as long term secrets and impractical identity tokens, the public WoT, and the overall complexity of the system design.
That of course is a broad and somewhat audacious question. I am merely looking looking for an overview of the state of affairs from a Sequoia perspective, or respective pointers/links, since even Wikipedia just seems to sum up the status quo as "PGP and OpenPGP have been criticized". [9]
[1] https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html [2] https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f [3] https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ [4] https://news.ycombinator.com/item?id=20455780 [5] https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062384.html [6] https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/ [7] https://words.filippo.io/giving-up-on-long-term-pgp/ [8] https://secushare.org/PGP [9] https://en.wikipedia.org/w/index.php?title=Pretty_Good_Privacy&oldid=120...
Thanks for your patience and effort,
Florian
Florian Berger dijo [Sun, Feb 25, 2024 at 12:13:33PM +0000]:
Hello everyone,
Hello Florian,
I have a question about the general state of the PGP ecosystem, and Sequoia's role in it, and I hope this is the right place to ask. If not, apologies, and kindly direct me somewhere more fitting.
I will bite. I first and foremost must disclose I'm not related to Sequoia in any way other than considering them to be a highly competent and very friendly team, creating great software.
I had been an avid user and advocate of PGP until some time in 2018/2018, when first Efail surfaced (with its infamous "Don't use HTML mails" workaround [1]), and then the keyserver attacks followed. [2] In summer 2019, Latacora's "The PGP Problem" was published [3], spurring a (...) Not it's 2024, people still encrypt email using PGP, Thunderbird incorporated PGP in 2020, Sequoia goes in its 7th year with increasing adoption, and I, after a long break, am trying to find out what is actually going on.
My question: Is PGP, as a technology, merely on life support, and should still be generally avoided – or has it, given younger implementations such as Sequoia, become viable again as a future-proof foundation for communication, authentication etc.?
PGP has had more than a fair share of usability issues --- and its documented awfulness goes way earlier than what you describe. Think 1999¹... With many, many follow-ups.
¹ "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0", by Alma Whitten and Doug Tygar; USENIX Security Symposium, https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten.ps
An even more mind-boggling issue is that this was even before the creation of GnuPG... Which recreated the usability issues in any preceding version of OpenPGP-handling tools (OpenPGP is the name of the standard published in 2007).
The terrible usability of OpenPGP tools has always been defended because of the amount of complicated things the tools must provide to the user. I must say, Sequoia has greatly improved over GnuPG's, but is still quite hard for a non-initiated.
But no, I don't think your last paragraph is faithful to truth. Of course, OpenPGP is not the standard you are looking for if you want easy-to-do encryption for the masses... but it's great for many use cases.
Back in the day, I was especially worried about the lack of forward secrecy, keys as long term secrets and impractical identity tokens, the public WoT, and the overall complexity of the system design.
Forward secrecy is important when you are having a chat, such as with instant messengers. But if you are signing a binding document, you clearly don't want it! If you want a document to remain linked to the identity that approved it several years ago, perfect forward secrecy buys you nothing
the public WoT is impractical if you want to find trust paths among the nontechnical population at large, but is still one of the most important characteristics of OpenPGP for many projects (in this case, I _can_ talk about my own experience, as I'm one of the responsible people for the Debian project's OpenPGP keyring for close to 15 years).
That of course is a broad and somewhat audacious question. I am merely looking looking for an overview of the state of affairs from a Sequoia perspective, or respective pointers/links, since even Wikipedia just seems to sum up the status quo as "PGP and OpenPGP have been criticized". [9]
In my opinion, it has been great that "Off-The-Record" (OTR) appeared with the characteristics you highlight. It is the right encryption method for a centralized instant-messaging application, and its Trust-On-First-Use trust conveying mode is just genius for some applications.
The world is much larger than that, however. Yes, there are billions of users of TLS- or OTR-based encryption in its different forms, and probably we are in the tens-of-thousands of people using OpenPGP on a daily basis. But for tens of thousands of people, it serves to solve an important problem. And I'm more than happy that people such as Sequoia's great team are behind it!
- Gunnar.
Hello Gunnar,
thanks for your answer! That was insightful.
On 27.02.24 17:48, Gunnar Wolf wrote:
I will bite.
My question is in no way intended as any sort of bait, just to clarify that. I am simply somewhat puzzled trying to figure out the current state of affairs, and I know there are quite some people out there who feel alike.
I first and foremost must disclose I'm not related to Sequoia in any way other than considering them to be a highly competent and very friendly team, creating great software.
That aligns with my impressions, and was the reason I asked here. :-)
I am still interested in any feedback or pointers on the current state of PGP.
Kind regards
Florian
Hi Florian :)
Florian Berger flberger-lists@posteo.net writes:
I am still interested in any feedback or pointers on the current state of PGP.
The revision of the OpenPGP standard is almost complete, it is being edited right now (or is waiting to be edited) by the RFC editors. You can read the current draft now, which will not change (modulo editorial changes):
https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/
The OpenPGP working group has been re-chartered, and you can read the charter here:
https://datatracker.ietf.org/wg/openpgp/about/
You'll note that, for example, forward secrecy is in scope for the working group now, as are cleanups.
There are a number of high-quality OpenPGP implementations in various languages, so this aspect has improved considerably over the last decade. Interoperability is being tested here:
https://tests.sequoia-pgp.org/
Best, Justus
On 03.03.24 15:47, Justus Winter wrote:
The revision of the OpenPGP standard is almost complete, it is being edited right now [...]
The OpenPGP working group has been re-chartered, and you can read the charter here:
[...]
You'll note that, for example, forward secrecy is in scope for the working group now, as are cleanups.
There are a number of high-quality OpenPGP implementations in various languages, so this aspect has improved considerably over the last decade.
That is immensly useful information, half of which I wasn't aware of.
Thank you, Justus!
Florian