[liberationtech] the 14th reason not to start using PGP is out!

[Gregory Maxwell]

On Thu, Nov 21, 2013 at 12:31 AM, elijah <elijah at riseup.net> wrote:
> I don't need to beat a dead horse, but nearly every email from carlo
> contains one or more logical fallacies. This email contains two: the
> strawman fallacy (enigmail has poor security, so no usage of OpenPGP can
> have good security) and the composition fallacy (hkp keyservers are part of
> how OpenPGP works, and they leak metadata, so you can't protect metadata
> with OpenPGP).

So, "A spherical user in harmonic motion could use the system safely
on alternative Tuesdays. Q.E.D." ?

Common, recommended applications and usage patterns have this problem.
It isn't a strawman to argue out that PGP is widely unsafe in
practice, and to support that position with specific examples.

AFAICT every complaint he makes is rooted in real limitations in the
technology or the surrounding ecosystem as deployed, and the
limitations are substantive and of a kind which could cause people
harm. They may not apply universally, but that they apply at all is a
problem.

Instead of spending your time pattern matching his messages with
prefabricated excuses to ignore them... why not also work on trying to
improve the ecosystem so that the security of PGP in practice is
unimpeachable, even by arguments 'merely' grounded in an assumption
that a user isn't using perfect software or engaging in perfect usage?