On Sun, Aug 31, 2025 at 07:11:17AM -0400, Jeffrey Walton wrote:
[...]
> Add it to the list at The PGP Problem, <
> https://www.latacora.com/blog/2019/07/16/the-pgp-problem/>:
>
> Cryptography engineers have been tearing their hair out over PGP’s
> deficiencies for (literally) decades. When other kinds of engineers get
> wind of this, they’re shocked. PGP is bad? Why do people keep telling
> me to use PGP? The answer is that they shouldn’t be telling you that,
> because PGP is bad and needs to go away.
>
> There are, as you’re about to see, lots of problems with PGP.
> Fortunately, if you’re not morbidly curious, there’s a simple
> meta-problem with it: it was designed in the 1990s, before serious
> modern cryptography. No competent crypto engineer would design a system
> that looked like PGP today, nor tolerate most of its defects in any
> other design. Serious cryptographers have largely given up on PGP and
> don’t spend much time publishing on it anymore (with a notable
> exception). Well-understood problems in PGP have gone unaddressed for
> over a decade because of this.
Much fluff, no content.
Perhaps you should read the whole article, and not the two introductory paragraphs that were cited.
Jeff