Mailing List Archive

Your Thoughts
Your Thoughts :)

https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/

--
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! https://gbenet.com

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Your Thoughts
* david@gbenet.com:

> Your Thoughts :)

I think the article is five years old, has not aged well (e.g. MUA
integration has improved), and that nothing better than PGP has come
along in the meantime.

Next. ;-)

-Ralph

Re: Your Thoughts
It’s not so much that nothing better has come along, it’s that no single one of those things does all the things PGP sets out to do. For secure communications there are much better options than PGP - some of them in very heavy use by actual normal, non-tech people. For symmetric encryption of files there are much better options out there. For signing files there are other options (though perhaps not better).


Does anyone know what PGP’s peak adoption rate was? I always loved it in concept but very very rarely saw people actually trying to use it in the wild, outside of the types of people who read this list.


-Ryan McGinnis
https://bigstormpicture.com
PGP: 486ED7AD
Sent with ProtonMail

------- Original Message -------
On Sunday, June 30, 2019 3:01 PM, Ralph Seichter <abbot@monksofcool.net> wrote:

> * david@gbenet.com:
>
> > Your Thoughts :)
>
> I think the article is five years old, has not aged well (e.g. MUA
> integration has improved), and that nothing better than PGP has come
> along in the meantime.
>
> Next. ;-)
>
> -Ralph
Re: Your Thoughts
> I think the article is five years old, has not aged well (e.g. MUA
> integration has improved), and that nothing better than PGP has come
> along in the meantime.
I think Matthew Green is a very sharp fellow and his criticisms are
thoroughly on-point. My biggest complaint about that article is that he
doesn't draw a clean distinction among the OpenPGP specification, how
software packages like GnuPG choose to implement the specification, and
the supporting ecosystem that is neither OpenPGP nor implementation.

The OpenPGP spec says surprisingly little about what the format of a key
should be, for instance. If you look at GnuPG's key export format, it
was chosen in the late '90s to be interoperable with PGP Security's PGP
5.0 offering (which was, at the time, pretty much cutting-edge).

Well -- nowadays GnuPG is the big mover in that space. There's a strong
argument to be made that GnuPG should be more of an innovator. There's
no reason anymore to retain the old and inefficient PGP 5 format. We
can change it and still be compliant with the spec: maybe we should. I
think we should.

And hey, if we fix the key exchange format, that's one massive section
of his objections gone. That set of objections isn't to OpenPGP, it's
purely about how we implement it.

Another major complaint of his is the keyserver network, which we've
known for years was inadequate. It was also the only game in town and
there was neither the money nor the manpower to do a better job. Now
we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the
most mature and the easiest for email users. We've got three at least
arguably better ways of distributing certificates: if we can actually
persuade people to start using them, we can fix this and wipe another
set of complaints off his list. His set of objections here is not to
either OpenPGP or an implementation of it, but rather the support ecosystem.

(Note to anyone who thinks I'm saying "it's kinda good that this Great
Unpleasantness is happening because it's making people migrate": no.
Absolutely not. The people behind this deserve to be shunned by our
community and exiled from our mailing lists. They are not our friends.)

About the only actual protocol-level complaints Professor Green has are:

1. OpenPGP has no forward secrecy. (Correct! I'd love to see the
OpenPGP Working Group tackle this. I'm not sure it can be done for
offline asynchronous communications, but it would be good to at least
investigate the possibilities.)

2. OpenPGP has no AE/AEAD mode. (Incorrect! The MDC is a form of
authenticated encryption. It predates modern AE/AEAD and looks kind of
baroque to modern eyes, but it's AE. The fact some mail clients
*ignore* the AE is a different [and very serious!] matter. Further, the
latest RFC4880bis spec -- which was written after Professor Green's
blogpost -- explicitly incorporates modern AE/AEAD.)

My complaint about Professor Green's blogpost is that he treats PGP as a
single monolithic block, instead of as different plants in a garden that
all grow interdependently. The OpenPGP protocol is solid. But we can,
and I think we need to, do a serious modernization pass on how we choose
to *implement* that protocol.

If I were to set priorities for GnuPG?

1. Set a flag day. Past a certain date, old-and-busted certificates
and data formats will simply not be supported. They won't be written,
they won't be read, they won't be processed, GnuPG will simply say
"nope, that might be legit old-school RFC4880 traffic but I'm not going
to play that game."

2. Overhaul the key format.

3. Do away with user IDs. Only use key IDs. If a user wants to
associate a key with an email address, let them: but user IDs originally
existed *mostly* to support the email use case, and with the advent of
Autocrypt that's not such an issue any more. (Note that a lot of thorny
problems suddenly just *go away* if you stop using userIDs.)

4. Require a limited subset of the RFC4880bis standard to be used.
Keep support for adding ciphers to the spec -- algorithm agility is a
wonderful thing -- but by default only use one specific ECC algorithm in
one specific key length, with AES256 as a symmetric cipher, and SHA512
for a hash. GnuPG's ability to support arbitrary preferences and
algorithms is neat technically but I have literally *never* seen it be
necessary in field usage, and I have seen people accidentally degrade
their security literally *hundreds* of times. (If your cipher
preferences are 3DES AES128 AES256, for instance? Say hello to 3DES:
you will literally never use AES256.)

5. If we're going to continue to have a keyserver network the only way
forward is to burn it down and build something newer and better. There
are no other realistic options.

6. Develop a well-defined output format. Werner & co. like to say the
output of --with-colons is well-defined. It's not. Unless there's
something like a DTD or a BNF specification and the output can be
formally verified against the specification, what you have is ad hoc.
The processing bugs the Efail paper exploited were overwhelmingly caused
by MUA authors misunderstanding or misinterpreting the output GnuPG was
giving it.


... Would this be painful? Sure. But it doesn't involve throwing out
the OpenPGP spec, just overhauling how we implement it and the
supporting software ecosystem. That would be *hard*, don't get me
wrong, and I am *in no way* saying this would be easy.

But worth it? I dunno. Maybe. Yeah. Let's throw it out there, let's
talk about it.

But that's just me. :)

Re: Your Thoughts
On 30/06/2019 21:01, Ralph Seichter wrote:
> * david@gbenet.com:
>
>> Your Thoughts :)
>
> I think the article is five years old, has not aged well (e.g. MUA
> integration has improved), and that nothing better than PGP has come
> along in the meantime.
>
> Next. ;-)
>
> -Ralph
>

I have used gnupg for years and converted just a handful to encrypt
their emails - and it's beyond my comprehension why it is that normal
people do not encrypt their emails by default.

Over the years GUIs have come along and gpg4win - perhaps people are not
that concerned about GCHQ and the NSA reading all their emails - they
read everything else from all their devices.

We know Facebook, Google etc. hand over all data to the NSA and GCHQ and
there are rumours that SSL has been cracked - I am sure it has, as my
website and database were hacked and my host provider had 3 mail servers
hacked in a matter of 3 days - much to their shock.

I think for Windows users gpg4win attempts to provide a GUI that makes
installation easy - but only geeks use it :)

I try to promote user encryption on my website (it's down at this time)
but very very few people take their daily lives seriously.

David

Re: Your Thoughts
David wrote:

> Your Thoughts :)
>
> https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
>

I agree with Professor Green. Maybe he and his students can
program a POC of something simpler, preferably in Golang and
using the NaCl* library.

I also think (sorry to say this Werner!) the problem is that
GnuPG is Linux CLI based, unlike MacPGP from Mr. Zimmermann,
which back in the 90's was GUI based with far fewer commands and
was easier to learn. Back then there was no Enigmail or other
MUA plug-ins and you could simply copy and paste your messages.

A real "modern" GnuPG should be IMHO the same as PGP was GUI based
back then. The GUI could be also cross-platform QT based, for
example.

I also don't understand why GnuPG needs so many components, like
pinentry, dirmngr and gpg-agent plus GnuPG itself, while MacPGP
from Mr Zimmermann was only one program.

*And regarding key formats, standards, RFCs etc., my new NaCl
(pronounced salt) pub key, which I use now with friends for email
communication, looks like this :-) :

4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56

As you can see, no info about me like email, name etc., and the
communications are authenticated, with no need for signing messages
and no WoT or key servers! :-) Should also fit nicely on a business
card.

Regards
Stefan

Re: Your Thoughts
On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> I agree with Professor Green. Maybe he and his students can
> program a POC something more simple, preferably in Golang and
> while using the NaCl* library.

Golang? Not Rust? :-P

I do find it odd how many projects make such a big deal of what language
they're written in. It shouldn't matter what language you use so long as
it works (and is memory safe).

> There was back then no Enigmail or other
> MUA plug-ins and you could simply copy and paste your messages.

Who wants to copy and paste messages? That's soooo 1995.

> A real "modern" GnuPG should be IMHO the same as PGP was GUI based
> back then. The GUI could be also cross-platform QT based, for
> example.

You can't script a GUI, but you can GUI a CLI - and there is no shortage
of decent GUI interfaces for GnuPG.

> I also don't understand why GnuPG needs so many components, like
> pinentry, dirmngr and gpg-agent plus GnuPG itself, while MacPGP
> from Mr Zimmermann was only one program.

Most of those are separate because of security concerns. Monolithic
systems may look simpler from the outside, but they're often a bucket of
bolts on the inside. Role separation is your friend.

> *And regarding key formats, standards, RFC's etc. my new NaCl
> (pronounced salt) pub key which I use now with friends for email
> communication looks like this :-) :

Yes, it is possible to make very short public keys by stripping all
non-mathematical information and using ECC (SSH's ECC keys are similarly
terse). I'm skeptical of the long-term safety of ECC though (the NSA
appears to agree[1]) so while it may be worth using for session keys I'm
not going to trust it with my long-term identity. And the
non-mathematical information has its uses if you're maintaining any sort
of PKI.

[1]
https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/

--
Andrew Gallagher
Re: Your Thoughts
On Mon, 2019-07-01 at 15:38 +0100, Andrew Gallagher wrote:
> On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > I agree with Professor Green. Maybe he and his students can
> > program a POC something more simple, preferably in Golang and
> > while using the NaCl* library.
>
> Golang? Not Rust? :-P
>
> I do find it odd how many projects make such a big deal of what language
> they're written in. It shouldn't matter what language you use so long as
> it works (and is memory safe).

I do find it odd how many projects choose exotic languages and then
become defunct because a few years later nobody wants to touch them,
presuming you're still able to build them. It's ironic people still
don't see that even though SKS has just proven an example of that.

--
Best regards,
Michał Górny
Re: Your Thoughts
Andrew Gallagher wrote:

> On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > I agree with Professor Green. Maybe he and his students can
> > program a POC something more simple, preferably in Golang and
> > while using the NaCl* library.
>
> Golang? Not Rust? :-P

He he, I have tried to compile sequoia-pgp under Windows 10
and failed miserably, due to the "excellent" compile instructions
for Windows. I played with Rust in the past, under macOS, and
never had problems.

What I would like to do is to create a binary of sequoia-pgp under
Windows 10 and then use the binary under Windows 7, offline.

With Golang it would be no big deal, because that is super easy,
but as I understand it the openpgp libs for Golang are not as good
as the Rust ones.

> Who wants to copy and paste messages? That's soooo 1995.

Me for example :-) Why? I use encryption tools *offline*
on my Notebook and then copy/paste the encrypted messages
into CoolTerm to transfer them then via my USB to USB Nullmodem
cable to my online computer. :-)

> > A real "modern" GnuPG should be IMHO the same as PGP was GUI based
> > back then. The GUI could be also cross-platform QT based, for
> > example.
>
> You can't script a GUI, but you can GUI a CLI - and there is no shortage
> of decent GUI interfaces for GnuPG.

I am aware of that, but I do have (Golang) tools which work as cli
tools and they can be used with an extra written GUI program, if
someone likes to do so. Very handy!

Regards
Stefan

Re: Your Thoughts
On 2019/07/01 16:26, Stefan Claas via Gnupg-users wrote:
> I use encryption tools *offline*
> on my Notebook and then copy/paste the encrypted messages
> into CoolTerm to transfer them then via my USB to USB Nullmodem
> cable to my online computer. :-)

That seems excessively baroque. What's your threat model? Is it really
so dire that Tails isn't sufficiently sandboxed for you?

>> You can't script a GUI, but you can GUI a CLI - and there is no shortage
>> of decent GUI interfaces for GnuPG.
>
> I am aware of that, but I do have (Golang) tools which work as cli
> tools and they can be used with an extra written GUI program, if
> someone likes to do so. Very handy!

I agree that's the way user interfaces should be, but now I'm unclear
what your complaint about GnuPG is, given that it's a CLI tool
optionally wrapped in a GUI interface.

--
Andrew Gallagher
Re: Your Thoughts
Andrew Gallagher wrote:

> On 2019/07/01 16:26, Stefan Claas via Gnupg-users wrote:
> > I use encryption tools *offline*
> > on my Notebook and then copy/paste the encrypted messages
> > into CoolTerm to transfer them then via my USB to USB Nullmodem
> > cable to my online computer. :-)
>
> That seems excessively baroque. What's your threat model? Is it really
> so dire that Tails isn't sufficiently sandboxed for you?

My threat model is actually low, but my Linux Notebook was recently
hacked and I don't trust my Windows 10 PC. I also had a "nice" thing
happen a couple of days ago: when sending a message in German
from my VPS it arrived with other text content in Cyrillic at Gmail,
in real time, so to speak. Cool, eh?

Regardless of whether it's Tails or Linux etc., I no longer do
encryption / decryption with online computers.

Seriously, I think when using crypto tools in CLI mode users
should also try to do that offline and "celebrate" the encryption /
decryption procedure a bit, unless of course they have a business running
with plenty of messages per day.

>
> >> You can't script a GUI, but you can GUI a CLI - and there is no shortage
> >> of decent GUI interfaces for GnuPG.
> >
> > I am aware of that, but I do have (Golang) tools which work as cli
> > tools and they can be used with an extra written GUI program, if
> > someone likes to do so. Very handy!
>
> I agree that's the way user interfaces should be, but now I'm unclear
> what your complaint about GnuPG is, given that it's a CLI tool
> optionally wrapped in a GUI interface.

Sorry, there was no complaining intended from my side.

Regards
Stefan
