On Sat, Aug 30, 2025 at 09:07:26PM +0300, Teemu Likonen wrote:
> No big harm in that case but if a technical person like Debian
> project leader can fail (to respect) encryption then anyone can and
> the whole email encryption idea is doomed or restricted to really
> known trusted parties.

It's not surprising as the entire history of PGP/GPG is that of UI and
UX failure.

It's not even restricted to the email part; in the distant past I
submitted my public key to keyrings that were distributed by organisers
prior to "key signing" parties with the idea of making the process
faster¹, then I wasn't able to attend. Yet still tens of participants
sent me back signed copies of my key. I wasn't even *there* yet there
are tens of people who were willing to sign with absolute authority that
they met me and checked my government ID. And those are people already
part of the FOSS community who were specifically interested in the PGP
web of trust, not anywhere near average computer users.

Worse still, they uploaded their signed copies of my public key to
keyservers without my consent so I couldn't even clean things up on an
honest basis by not accepting signatures of people I know I never met.
The key was out there on the hopelessly broken keyserver network (which
doesn't even really exist now due to how unscalable it was).

There is also a past story of a Debian Developer who attended a key
signing party at a Debconf and used their own originally created citizen
ID of a nation that doesn't exist, and this was signed by many other
Debian Developers.

PGP was a great invention but it's really like the "next draw the rest
of the owl" of secure communication.

Cryptography engineers have been tearing their hair out over PGP’s
deficiencies for (literally) decades. When other kinds of engineers get
wind of this, they’re shocked. PGP is bad? Why do people keep telling
me to use PGP? The answer is that they shouldn’t be telling you that,
because PGP is bad and needs to go away.

There are, as you’re about to see, lots of problems with PGP.
Fortunately, if you’re not morbidly curious, there’s a simple
meta-problem with it: it was designed in the 1990s, before serious
modern cryptography. No competent crypto engineer would design a system
that looked like PGP today, nor tolerate most of its defects in any
other design. Serious cryptographers have largely given up on PGP and
don’t spend much time publishing on it anymore (with a notable
exception). Well-understood problems in PGP have gone unaddressed for
over a decade because of this.

Jeff