Search Mailing List Archives
[liberationtech] 10 reasons not to start using PGP
greg at xiph.org
Thu Oct 10 14:08:31 PDT 2013
I'm surprised to see this list has missed the thing that bugs me most
about PGP: It conflates non-repudiation and authentication.
I send Bob an encrypted message that we should meet to discuss the
suppression of free speech in our country. Bob obviously wants to be
sure that the message is coming from me, but maybe Bob is a spy ...
and with PGP the only way the message can easily be authenticated as
being from me is if I cryptographically sign the message, creating
persistent evidence of my words not just to Bob but to Everyone!
When there are only two parties in an encrypted communication this is
_trivial_ to solve cryptographically: just use DH to compute a shared
secret and use it to authenticate the message. (Multiple parties is
solvable too, but requires a ring signature or other more complicated
But PGP has no real solutions for that.
My other big technical complaint about PGP is (3) in the post, that
every encrypted message discloses what key you're communicating with.
PGP easily _undoes_ the privacy that an anonymity network like tor can
provide. It's possible to use --hidden-recipient but almost no one
Its also easy to produce a litany of non-technical complaints: PGP is
almost universally misused (even by people whos lives may depend on
its correct use), the WOT leaks tons of data, etc.
In my view the use of PGP is more appropriately seen as a statement
about the kind of world we want to have— one where encryption is
lawful, widely used, and uncontroversial— and less of a practical way
to achieve security against many threats that exist today.
More information about the liberationtech