[liberationtech] the 14th reason not to start using PGP is out!
Julian Oliver
julian at julianoliver.com
Thu Nov 21 04:13:38 PST 2013
..on Thu, Nov 21, 2013 at 03:56:36AM -0800, Gregory Maxwell wrote:
> On Thu, Nov 21, 2013 at 12:31 AM, elijah <elijah at riseup.net> wrote:
> > I don't need to beat a dead horse, but nearly every email from carlo
> > contains one or more logical fallacies. This email contains two: the
> > strawman fallacy (enigmail has poor security, so no usage of OpenPGP can
> > have good security) and the composition fallacy (hkp keyservers are part of
> > how OpenPGP works, and they leak metadata, so you can't protect metadata
> > with OpenPGP).
>
> So, "A spherical user in harmonic motion could use the system safely
> on alternative Tuesdays. Q.E.D." ?
>
> Common, recommended applications and usage patterns have this problem.
> It isn't a strawman to argue out that PGP is widely unsafe in
> practice, and to support that position with specific examples.
>
> AFAICT every complaint he makes is rooted in real limitations in the
> technology or the surrounding ecosystem as deployed, and the
> limitations are substantive and of a kind which could cause people
> harm. They may not apply universally, but that they apply at all is a
> problem.
Indeed, but there's a wide gulf between asserting that people should not use (or
start to use) PGP at all until a better solution is available - as he does - and
developing (and testing) alternatives in parallel. After all, any alternative
might prove to be more or equally as vulnerable as PGP.
For the time being PGP continues to work pretty well here for my
non-life-and-death communication needs. I'd rather use PGP than send mail in the
clear. I'm sure this sentiment is shared by many others.
Cheers,
--
Julian Oliver
PGP 36EED09D
http://julianoliver.com
http://criticalengineering.org
More information about the liberationtech
mailing list