Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

micah micah at
Wed Jun 12 08:54:07 PDT 2013

Andy Isaacson <adi at> writes:
> I use gnupg daily.

So do I, and you might too, and do not realize it! If you use Debian, a
Debian derivative (like Ubuntu), you use this stuff all the time, and
don't even have to think about it. 

>> I do not consider the tools easy to use at all ...

When you talk about how hard this stuff is, and how unusable it is,
don't forget that there are cases where it is so easy and usable that
you are not even aware of it. 

Granted, this isn't the way that you are talking about using it, but
since it is fashionable now days to complain about how unusable
encryption is, I think we need to pause and remember that people have
been working on this a long time, and they deserve give credit where it
is due.

> I routinely, and frequently, still get bitten by design bugs,
> implementation bugs, and UI bugs which continue to make the PGP
> ecosystem effectively unusable.  I cannot recommend PGP for routine use
> to anyone outside of the security community, and I don't think I know
> anyone who has used it consistently for more than 2 years without
> encountering a serious data/comms loss due to PGP bugs or gotchas.

I'm constantly hearing from people who complain about the UI in things
like gnupg. I feel your pain, I do not want to argue that you are
wrong. However, I do want to argue that complaining doesn't help to
solve the problem. I've asked every single person who has complained
about this problem to me recently, "have you filed a bug about your
issues?" and everyone's response is: "no". 

I've done this, and guess what? It works! I filed bugs and had
discussions on the gnupg mailing list that have made your experience
with that tool a little bit better. There are many ways that I think it
can be improved still, don't get me wrong, but the gnupg developers are
reasonable people who want to make the software better, and probably
have been hearing these complaints for years and years and would welcome
a way to make people stop complaining.

It seems there are a lot of people out there who have a clear idea of
what is good and what is bad UI and are pretty vocal about when
something is bad. How about turning that into clear bugs that describe
better workflow and UI? You dont have to be a crypto nerd, or a C
programmer to make this stuff better and easier to use.


More information about the liberationtech mailing list