pheggs 4 days ago

I tried to find something in the article that bothered me, but I don’t find it very convincing. Points like "someone can forward your email unencrypted after they decrypt it" are just... well, yeah - that can happen no matter what method you choose. It feels like GPG gets hate for reasons other than what’s actually mentioned, and I'm completely oblivious to what those reasons might be.

tptacek 4 days ago

It's not that someone can forward your mail unencrypted. It's that in the normal operation of the system, someone taking the natural next step in a conversation (replying) can --- and, in the experience of everyone I've talked to who has used PGP in anger for any extended period of time, inevitably does --- destroy the security of the entire conversation by accidentally replying in plaintext.

That can't happen in any modern encrypted messenger. It does happen routinely with encrypted email.

mjevans 4 days ago

Yes, it's a problem with _email_.

pgp as a tool could integrate with that, but in practice fails for... many reasons, the above included. All the other key exchange / etc issues as well.

pheggs 3 days ago

well that's fair, but sounds more like an email client issue than an actual issue with gpg/pgp. My client shows pretty clearly when it gets encrypted. But maybe I am oblivious.

tptacek 3 days ago

I agree that it's an email problem, which is why I wrote a whole article about why email can't be made secure with any reasonable client. But email is overwhelmingly the messaging channel PGP users use; in fact, it's a commonly cited reason why people continue to use PGP (because it allows them to encrypt email).

pheggs 3 days ago

out of curiosity, would you like to share why you think it's an email protocol problem? Because I see that more as an email client problem

akerl_ 3 days ago

A protocol that doesn’t enforce security and relies on clients to choose to implement it is a broken protocol, from a security standpoint.

Even if secure email clients exist that always make right choices, because you can’t know what client all your recipients are using, all it takes is one person with a “bad” client (which, keep in mind, is a client that accurately implements the protocol but doesn’t enforce additional security rules on top) to ruin things.

bgwalter 4 days ago

Yes, it is odd that this criticism is only allowed for gpg while worse Signal issues are not publicized here:

https://cloud.google.com/blog/topics/threat-intelligence/rus...

Some Ukrainians may regret that they followed the Signal marketing. I have never heard of a real world exploit that has actually been used like that against gpg.

tptacek 3 days ago

Why would anyone care if you brought phishing attacks on Signal users up?

bgwalter 3 days ago

People who do not wish to get killed may care.

tptacek 3 days ago

Those people shouldn't be, and thankfully aren't, using PGP. Nobody is suppressing this report on phishing attacks against Signal users; it's just not as big a deal as what's wrong with PGP.

bgwalter 3 days ago

Accidentally replying in plaintext is a user error, scanning a QR code is a user error.

Yet one system is declared secure (Signal), the other is declared insecure. Despite the fact that the QR code issue happened in a war zone, whereas I have not heard of a similar PGP fail in the real world.

tptacek 3 days ago

First of all, accidentally replying in plaintext is hardly the only problem with PGP, just the most obvious one. Secondly, it's not user error: modern messaging cryptography is designed not to allow it to happen.

bgwalter 3 days ago

Modern cryptography should also not allow users to activate a sketchy linked device feature by scanning a QR code:

"Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance."

This is a complete failure of the cryptosystem, worse than the issue of responding in plaintext. You can at least design an email client that simply refuses to send plaintext messages because PGP is modular.

tptacek 3 days ago

I'm comfortable with what this thread says about our respective arguments. Thanks!