[liberationtech] the 14th reason not to start using PGP is out!
Jillian C. York
jilliancyork at gmail.com
Thu Nov 21 21:34:33 PST 2013
+1
On Thu, Nov 21, 2013 at 7:13 AM, Julian Oliver <julian at julianoliver.com>wrote:
> ..on Thu, Nov 21, 2013 at 03:56:36AM -0800, Gregory Maxwell wrote:
> > On Thu, Nov 21, 2013 at 12:31 AM, elijah <elijah at riseup.net> wrote:
> > > I don't need to beat a dead horse, but nearly every email from carlo
> > > contains one or more logical fallacies. This email contains two: the
> > > strawman fallacy (enigmail has poor security, so no usage of OpenPGP
> can
> > > have good security) and the composition fallacy (hkp keyservers are
> part of
> > > how OpenPGP works, and they leak metadata, so you can't protect
> metadata
> > > with OpenPGP).
> >
> > So, "A spherical user in harmonic motion could use the system safely
> > on alternative Tuesdays. Q.E.D." ?
> >
> > Common, recommended applications and usage patterns have this problem.
> > It isn't a strawman to argue out that PGP is widely unsafe in
> > practice, and to support that position with specific examples.
> >
> > AFAICT every complaint he makes is rooted in real limitations in the
> > technology or the surrounding ecosystem as deployed, and the
> > limitations are substantive and of a kind which could cause people
> > harm. They may not apply universally, but that they apply at all is a
> > problem.
>
> Indeed, but there's a wide gulf between asserting that people should not
> use (or
> start to use) PGP at all until a better solution is available - as he does
> - and
> developing (and testing) alternatives in parallel. After all, any
> alternative
> might prove to be more or equally as vulnerable as PGP.
>
> For the time being PGP continues to work pretty well here for my
> non-life-and-death communication needs. I'd rather use PGP than send mail
> in the
> clear. I'm sure this sentiment is shared by many others.
>
> Cheers,
>
> --
> Julian Oliver
> PGP 36EED09D
> http://julianoliver.com
> http://criticalengineering.org
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
--
*Note: *I am slowly extricating myself from Gmail. Please change your
address books to: jilliancyork at riseup.net or jillian at eff.org.
"We must not be afraid of dreaming the seemingly impossible if we want the
seemingly impossible to become a reality" - *Vaclav Havel*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131122/022fea36/attachment.html>
More information about the liberationtech
mailing list