To be fair, at least Whisper Systems and the Guardian Project are doing great work to try to make encryption in various implementations work better for the average user. And let's be fair, groups like these and the LiberationTech community runs on a shoestring in comparison to even one large commercial tool.

GPG key ID is automatically inserted into contacts https://code.google.com/p/googlecl/ so when the user deletes a contact the script reads the KeyID and removes it from the keyring as well. It had to be Google contacts it wasn't my decision. Nobody wanted to change their mail app workflow and they couldn't figure out gpgtools/gpg suite so this poor scheme was devised but it works.

The janky part comes when the script checks mail console logs to detect no connection errors when users req to fetch new mail (and suppress popup notifications of this) so they don't have to push a second button to do it outside set intervals that fetch automatically. For some reason it was important that no other buttons existed to fetch new mail. There's probably a Claws Mail plugin that can be written to accomplish all this too if users were willing to switch apps, mutt will do most of it automatically and can be abstracted to make it invisible, or script OpenSMTPD to do this.

The most sensitive use case for GPG has to be sending correspondence that, if decrypted, could put you in severe physical danger. If the choice is between life and death, relative freedom or torture in some black site dungeon, the choice is clear. Using GPG is preferable to death or torture.

This doesn't exactly seem like a ringing endorsement, but if these are the stakes, then you are probably willing to read the equivalent of 40% of Fahrenheit 451 to be secure. You are probably willing to learn to practice good opsec.

It would be fantastic if GPG were displaced by something equally trustworthy and secure, but more user-friendly, and I look forward to the day that happens. But I think that GPG is the best we have, and we should be appreciative of that.

That's what I call faint praise.

Seems like a meager price to ensure another 70 years of life.

See also "deanonymizing alt.anonymous.messages"

https://ritter.vg/blog-deanonymizing_amm.html

I think a lot of engineers make the mistake that regular people will be so won over by a new technology that they'll learn it as well as the engineers do. That isn't how it works. So far we still haven't gotten regular people to learn programming, though more people program than ever before.

Humans like simple. This is not a flaw. Software can do anything, and it is written for us. We should not have to learn a bunch of arcane commands, skills, and concepts unless there is no technical way around this.

Ideal encryption would have a quick initial setup, and then each message would have a sticky button for "encrypt?". Then whatever is required in the backend does what it needs to do.

Complex software that gets the job done is much, much worse than simple software that gets the job done. Unless things get so oversimplified that there is no way to verify correct operation. I agree that people need to learn about encryption, but there's a middle ground between no knowledge and knowing enough about it to use GPG.

You cannot expect to avail of the benefits of crypto without taking some time to understand how different protocols work, how public key vs symmetric key crypto works, etc.

I agree that the situation could be much better than it currently is, but people can't expect to be given everything for free; there mist be some effort from the other side, which I don't see happening today, especially with the widespread disregard for mathematics in the general public.

We could have an open source crypto program with a set of basic modes for use. Maybe "mode 3" is good for basic interaction, while "mode 5" is recommended for whistleblowers but requires another step in the physical world, while modes 1 and 2 are deprecated because they were discovered to be vulnerable or weak.

The above is stuff a regular person can understand. Do they need to know how these modes work? Well, they need to know what input is required, but they don't really need to know how it works behind the scenes if they trust someone else to recommend the basic modes. Then it must certainly be possible to write software that walked a user through how to complete the required information. It could say "plug in your secure USB key now", then "type in your passphrase" and then "remove USB key to continue".

Really, I think engineers have a hard time seeing how easy we could make things. Yes that would all take a ground up rewrite and open source projects don't do well with that. Yes it would be easier if people would just learn, but that's a fantasy and we should understand that.

It must be possible to make a secure communications "wizard". Disregard for mathematics has nothing to do with it. People want to know what to do and they want to use as few steps as possible. Installing a handful of command line utilities and remembering a bunch of commands isn't the answer. One program with a simple graphical interface must be possible.

In order for GPG (or its replacement) to fulfill the dream, it needs to be the norm rather than the exception. There are some companies who could prod things in that direction. GPG acting alone is absolutely not the future.

Besides, the cryptography isn't even very good. There is no forward secrecy, for example. I believe that email has to change at the protocol level in order to fulfill the promise that GPG (PGP) makes. And with so many interested in preventing the security of email, well, it seems like secure email is a dead end. And that's a real shame, because I love the idea of being able to securely send a message between two people on the Internet, using open source software and without trusting any intermediates.

What's fun: using ssh might be similar.

That's something you say while building it, so that you get something working built instead of debating what should built, or instead of adding so much stuff that you never finish. It's not something you say to discourage people from improving something that's already shipped.

name+8znBcmtXJ2ZeSn7fWVCGfpQI9HnJH1pNBPK397SGrT8=@gmail.com

Sure, you'll never actually tell someone this, but it's short enough to copy/paste.

I was talking about EdDSA.

There's nothing special about EdDSA compared to other digital signature schemes.

EDIT: Oh, I realize you were saying that ECC allows much shorter public keys than most signature schemes.

(https://en.wikipedia.org/wiki/Base58)

https://github.com/diafygi/emailpk

https://github.com/google/end-to-end

I'm not sure if this is what you're asking, but Debian developers are required to have their keys signed by a number of other Debian developers. So there is a comprehensive web of trust amongst them.

You can get the entire set of public keys from the "debian-keyring" package, assuming you trust your OS (and you use Debian or a derivative). And if you want to be signed into the strong set, find and ask a Debian developer (you probably have one reasonably local to you).

Enigmail is good though.

I've been using Claws Mail for the past few months. It's simple, fast and stable, and GPG support is fine. That's all I need. It sucks for reading and writing HTML emails, but I'm okay with that. Parts of the UI are still rough (e.g. the main window isn't responsive while the "sending" dialog is open), but it's less worse than Evolution.

Strong crypto for emails has to work like https does for web browsing. Picture if people had to use some command line tool to generate and keep keys in order to do online shopping in their web browser. Compared to just using a (any) browser with https built in.

The amount of people that would want to use some native desktop email client for ALL their email work is likely even smaller than the number that use GPG today! If I couldn't read my email on my phone or on any computer it would have lost most of its value already.

We need entry-level e-mail clients to have GPG/PGP built in. Your post highlights the need to select a client which is why GPG/PGP has a niche user-base who send dull e-mail to Internet Celebrities who happen to share public keys. I mean my parents e-mail client, which would naturally be the default for their operating system (yes, Windows Live Mail), should have in-built GPG/PGP capability and the address book should auto encrypt any messages to me with the public key in my "contact" info, and decrypt any from me with their private key which is created and stored without them even realizing (as SSH does). It's hard to select an e-mail client anyway, but convincing my parents to select an e-mail client and/or plug-in, isn't going to happen.

I've been puzzled why fat clients traditionally have S/MIME built in, but certificates are complex to obtain, and don't have GPG/PGP with easy to create keys.

While I really enjoy reading and sending encrypted emails, and think it's far better than sending sensitive data in the clear, I am surprised to learn that there are people who use PGP and don't hate it or have issues with it.

This is an interesting case where a barrier to entry makes discourse less valuable. Perhaps the barrier makes people feel like they have to prepare a short speech in order to make the effort worthwhile. I certainly would rather converse with most people than listen to one minute speeches from them.

"People like myself for twenty years and nothing to sell."

I've been in and out of the "GPG everything!" group over the years, and I definitely agree that GPG is a pain to use. I always figured this was because of the lack of proper frontends, and was hoping for the major influx of funding a couple weeks back would help it make progress in usability and infrastructure, but Moxie says that it's obsolete at its core.

But if we're to replace it, the replacement has to not only be at least as secure, but also standardized and embeddable. A webapp or Chrome extension (which Google's End-to-End is) won't make the cut.

Sure, every once in a while you have good security luck out and land a great designer (TextSecure), but that's extremely rare. The vast majority of security teams don't value design as much as security because they don't have the incentive to.

So how do we fix the incentives? Can we? Should we?

I'm going to throw down a gauntlet: encryption design that doesn't start with designing for the human users is already fundamentally broken. Why? Because it cannot represent a solid system. This isn't machines in the Matrix talking to one another: the needs of the human users are the only thing that matters.

Combine that with the past few decades of experience in software encryption systems, and we realize that this is hard to achieve. The non-adoption and misuse of GPG that Moxie speaks of, the train-wreck of passwords, and so on. It really feels like we've hit a wall, where there are no significant gains to be had unless these design problems are taken seriously. "Perfect" cryptosystems that have major real-world usability flaws are in fact worthless. Implementing new systems of this kind is a waste of effort and a disservice to everyone who vitally needs the services of a robust encryption infrastructure.

I view the current state of security in applications a a result of two forces: 1) The human dynamics of the roles involved: The disciplines of security and user interface design overlap very infrequently, and very rarely done alongside one another, collaboratively; one always tends to drive the other. For user-friendly and secure communication software to be written in an open source environment, too many stars have to align. 2) The market value of data: Software which can be monitored, and data of its users aggregated, analyzed, acted upon, and sold is more lucrative than making something which is truly secure, even from the authors.

I believe usable encryption is possible, but I don't expect it to come from grassroots open source efforts, nor from the big market players. If anyone, I expect to see it come a collaboration between large non-profits (such as Mozilla, EFF), and universities. In the current environment, they're one of the few with sufficient resources, organization, and motivation to get it done.

It is largely a success in verifying the identities of the software developers. The entire Debian ecosystem relies on GPG in largely successful ways.

Peter Todd suggests that PGP drop encrypted communications as a goal and focus only on identity and authentication. It appears the PGP just can't be bootstrapped into modernity from a communication point of view. The only major innovation in authentication and identity has been threshold signatures which GPG could support.

Identity and authentication are the biggest reason that PGP hasn't caught on with non-technical users - the web-of-trust is necessary to do distributed identity and authentication properly (under the current model), and the importance of out-of-band verification can be hard to explain. Authentication (as opposed to authorization) is hard, even without factoring in state adversaries.

The fact that the web-of-trust hasn't succeeded doesn't mean that another model won't, but I don't think it makes sense for PGP to throw out the one goal it already does incredibly well (securing communications) in order to focus on the biggest problem we haven't been able to solve in 20 years.

I like how they wanted to completely remove identifying info and similar signature schemes from signify http://www.tedunangst.com/flak/post/signify

My opinion is basically GPG for identity and Axolotl for comms.

Imagining a world where the web-of-trust was succesful is not hard. It starts with everyone using Outlook instead of gmail. Then imagine Outlook having PGP support builtin. Then imagine in the contacts list, every contact was marked with a color, red, yellow green.

Whenever sending an e-mail to a red contact, Outlook would display a small one liner on top of the compose box "There is no identity information about the contact you are sending an e-mail to". (it doesn't matter that no one knows what that means, it's just a small nag that people understand is negative)

Whenever sending an e-mail to a yellow contact, Outlook would display the following nag line: "You have not verified the identity of the contact you're sending an e-mail to. Click here to resolve".

When the user clicks the line, they'll be asked to call the contact on the phone, or meet with them in person and ask them to compare keys. (Perhaps aided with some fancy tech like NFC or whatever)

Will people ignore the nag line? Yes. Will people click through the dialogs to resolve the nag line without actually verifying? Yes. Does that matter? Not as much as crypto-purists would have you believe.

There's always that uncle, niece or colleague that's going to be anal about it anyway. And if the web of trust is big enough, and the devices enabling the web are communicating, it will be very easy for the web to self-heal whenever corruption arises. Just imagine if whenever someone who purports to be your aunt sends you an e-mail, and your e-mail client automatically checks the key with everyone elses in your family.

The only reason the web-of-trust doesn't work is because it was never adopted and made usable by the important software developers. And that never happened because not enough people cared.

Step 1: the UI will be a mixture of meaningless and annoying to users, causing them to ignore and misuse it

Step 2: mumble mumble... self-healing corruption

Step 3: the only reason this hasn't succeeded is that people didn't care enough

It's exactly those parts in step 2 where I've historically fallen off of the WoT story. What does the UI do when my nontechnical friend has marked my key but his dad has marked it as untrusted? What happens when I lose my phone with my keys on it? How do we not end up in a situation where users see big scary warnings all the time constantly and they just learn to ignore them?

Every tool in this space suffers from the choices PGP implementations have made and asking what your uncle would do if trust conflicts occured when he's going to first be asked if he wants an RSA/RSA, RSA/DSA, DSA sign-only, or RSA sign-only key before he gets there, and then have to figure out what keyserver to send to and then....

Answering these high level UX questions requires having actual users.

The system might send you an e-mail if someone casts doubt over the trustworthiness of a key. If you lose your phone with your keys, they're gone, just like when you lose your keys.

I never said big scary warnings. Just small reminders that what's happening isn't secure, like the green bar in your browser. Most of the time harmless, but informative when you need it.

SPKI & SDSI had a different model: rather than trust people to tell you who someone is, one trusts them to tell you who they think they are. That is, rather than me verifying that key 0xDEADBEEF belongs to the individual known to the town council of Lower Shroppington as 'William Morris' (which is inherently fragile: I may not be an expert at verifying identity documents, or at verifying those issued by Lower Shroppington; the individual before me might have a document issued by Lower Shroppington deliberately to mislead me; heck, who is the real William Morris: there could be more than one), I would just verify that this is the individual I call William Morris, and let you make use of that as you may. If Lower Shroppington wanted to, they could issue a certificate stating that they call him William Morris too.

It was a really smart way of doing things.

How might it fit into a modern email infrastructure? Easy! example.com could use key 0xBADDA451 use certify that foo@example.com belongs to the keyholder of the key 0xC0FFEEBA; .com could use key 0xFEEDBAC7 to certify that example.com belongs to 0xBADDA451; the root domain could use key 0x55378008 to certify that .com belongs to 0xFEEDBAC7; IANA could certify the ownership of the root domain; the ICANN board could certify the current IANA key; the previous ICANN board could certify the current ICANN board, and so forth.

What would you see in Outlook or Gmail? Your agent would display that the claimed sender email is valid. It might also try to find some path connecting you & good ol' Bill Morris, then show you that your buddy Steve's ex girlfriend Wilhelmina says that key belongs to Billy Morris.

Interestingly, this could even work for an email legitimately sent on William's behalf. All a normal user would care about is, 'this email is legit' (for some value of); us geeks could geek out as we wished.

In the end a tree-of-trust rests on the fact that you trust the manufacturer of your laptop that they put trustworthy certificates there so you could verify the roots.

We're seeing the major browsers now turning that tree-of-trust into a web-of-trust by cross referencing domain certificates to see if there are duplicates or other shady things going on.

> In the end a tree-of-trust rests on the fact that you trust the manufacturer of your laptop that they put trustworthy certificates there so you could verify the roots.

For hostname and IP address ownership, there is a central authority: ICANN. The problem with the CA model is that someone other than ICANN can lie about who owns a hostname. As for the ICANN roots, those should be publicly known and verified in the same way that any information is publicly known and verified (ultimately, it comes down to verification).

The problem with ICANN being a central authority is that knowing that I'm talking to the legitimate owner of 'apple.com' tells me nothing. It could be Apple Records or an apple farm or a guy who just really likes Apples for all I know. The CA system uses a ridiculously expensive, painful process to do ICANN's job for it, and still doesn't provide me the guarantees I need in order to do business online.

With respect to email, I can use a tree-of-trust system to guarantee that I can send email to the legitimate owner of an email account, but I cannot guarantee that said legitimate owner is the person I think it is (after all, ICANN in a very real sense owns the Internet, and could transfer anything to anyone). If I wish to, I could use an SPKI/SDSI system to ensure that I'm sending a message to the person who the person who the person who I think is Jim thinks is Sally thinks is Bill.

Which, really, is the only way trust can work anyway. What does anyone know other than what he has heard from others?

http://quickmsg.vreeken.net/

That could be taken as a starting point for how to make things more smooth for users.

Yes, GPG is a powerful tool that makes some encrypted communication possible. But is it really "working" if it's the tool we've had for the past 20 years, and we still ended up in a world where surveillance is so ubiquitous and privacy is so rare? Having used GPG, it seems more likely to me that there are only ~50k GPG users in the world because of the product, not because of weak desire or need for private communication.

I'm not suggesting that there's anything "better," but that it's really sad there isn't. GPG isn't ever going to be anything other than what it is now, and I don't think that's the future we want for ourselves.

We could try to slap a GUI on top of it, but I don't believe great products are made that way. Good UX requires thinking about interactions all the way down to the protocol. The good news is that GPG has such a small legacy install base (literally on the order of ~50k users), that there's no reason to maintain compatibility with OpenPGP. When building new products, we can start fresh with modern cryptography, a modern protocol, and a modern design philosophy.

It's not just that, though. Anyone else with your knowledge but no standing would be scorched for saying what you just said. "Throw away the one thing that has proven to be secure and write our own protocol" doesn't go hand in hand with "serious cryptographers trust what this person is saying."

The truth is probably that either you do this or nobody will.

You should. The world would be better for it.

I'm not going to back just any crypto project, but with the right people leading the charge I would get behind it.

(Unrelated to GPG, but this goes towards crypto projects by Moxie and other solid people.)

This attitude is why GnuPG (and other PGP implementations) are in a position to be criticized by the Moxies of the world. Is there some particular reason why anybody outside of some recognized elite should be discouraged from at least trying to create a better, improved system? Yeah, they'll probably fail in a lot of cases, but if the world really wants a modern, easy-to-use alternative to PGP (a real alternative, not use-case-specific alternatives like RedPhone and TextSecure; encrypted/signed email is still a valid use case that both those things blissfully ignore, by the way), this sort of attitude - that anyone outside of a select few rightfully deserves to be scolded for trying to make better crypto - is lethally toxic to that goal.

In between the time that a cryptographically illiterate developer releases their MVP 1.0 version and the time that it's discovered that their cryptography is fundamentally flawed --- a window of time that can stretch on for years --- actual people will rely on the tool for their security, not realizing that serious adversaries are reading their messages.

Most new cryptosystems --- a cryptosystem being "anything that uses a cipher, including when the cipher is simply AES --- are terribly broken.

Search for [decryptocat] for an extremely good example of what I'm talking about.

Developers who are new to cryptography that want to learn more about it and eventually use it in their own systems should start by learning how to exploit broken cryptography. If you can't exploit an RSA padding oracle, you shouldn't be designing systems that use public key cryptography. If you can't exploit a CTR nonce stutter, you shouldn't be using block crypto.

Developers who don't want to learn cryptography should work on improving the UX (UI and workflow) of existing cryptosystems. PGP could sure use some help, but even if you don't want to help with PGP, there's a huge green field of work to be done on browser TLS trust and CA user interface. Just as one example.

This results in things like GnuPG being considered hard to use. This results in things like GnuPG struggling along with a single core developer and barely enough funding to support that developer (even now). This results in things like OpenSSL being horribly undermaintained, to the point where nasty bugs like Heartbleed are allowed to exist longer than they should because there is an insufficient quantity of eyeballs to find them and squish them. It doesn't take a rocket surgeon or a cryptographic guru to see that this is nothing but an awful situation for pretty much everyone involved.

i think any 3rd party distributed crypto is only useful against weaker adversaries (weaker than the person doing the distributing). For p2p crypto designed and agreed to by the two parties, there are lots of options, starting with a 1-time pad, CTR mode hash based ciphers, etc...

I know you said there's no unifying theme to these emails, but can you elaborate? Maybe something about security-obssessed lay people using GPG to send the most trivial of emails? Or something else entirely?

"Way to take a dump on people who make an effort."

Which says something about the downvoters.

Irony everywhere.

... just like Windows users ;)

'People who use Windows do not have both the intelligence not to desire it and the power to do as they wish.'

I know stereotypes often treat people unfairly, but the kind of person who has the dedication required to use PGP seems, to me, to often coincide with the people who find fault with everyone who hasn't had the dedication or focus to learn sophisticated software techniques.

And, if I were Moxie, that would be a source of constant frustration to me. The very people who have the ability to make things better -at best- don't empathize with the people they could help, and at worst harbor a bit of contempt for them.

Considering Moxie seems to be dedicating a large part of his life's work to helping average people, I believe the attitude I described could play foil to the inspirational messages he also receives. But I don't pretend to know him or anything.

You may say that, but after the "we specifically work to make TextSecure impossible without Google Play because using Android without google is 'going back to the old broken desktop security model'" thing, I'm not convinced.

I'm sure moxie is good with crypto, but sadly, he's on different side of war on general purpose computers than I am. He's on the side of walled gardens and limits what can you do on your own device, and I can't accept that.

EDIT: and of course he would spit on GPG. For moxie, GPG is competition.

https://github.com/WhisperSystems/TextSecure/issues/127

And in the meantime? That's one of the main arguments against his attitude. The PGP-encrypted email senders he's complaining about realistically had two options:

1) Send email PGP-encrypted 2) Send email unencrypted

Additionally, neither he nor (I would assume) the sender is part of "the masses".

Crypto is far more effective when everyone uses it for everything:

https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

PGP certainly isn't ideal for the "everyone" part, but scoffing at people for using PGP by default harms the "everything" aspect.

Agreed 100%. I just don't have anything to offer in this space :(

I feel like a lot of the things GPG aims to do are fundamentally hard. It's not the technology that sucks, it's the problem. I completely agree that the answer will come from thinking about user interactions first, but I'm not sure that the solution will look much different than a better GPG client.

I think the problems are solvable, but only if we have a different design approach. So when I see projects trying not-PGP, I'm interested. When I see projects building on PGP, I'm less interested.

[1] https://whispersystems.org/blog/sure/

Also, any vague timeline available for arrival of the desktop Signal version? What about video-chat support? Would that be possible with WebRTC? (although you should probably wait until ORTC is supported within WebRTC - v1.1 I think?) and then add ZRTP on top of it. Or is a desktop, Javascript version, just not secure enough for that to happen? What if you do it like Whatsapp's "web app", that basically only connects locally to the phone?

This is my feeling as well. To optimize for security and privacy, it seems like it needs to be difficult by design. If it's too easy, it's probably less secure.

I'm not sure if anyone has given it seriuos attempts to make it more user friendly, though? Would be surprised if no one has, there should be a great opportunity here. Escpecially now that it has so much focus.

However, I also (like Moxie) believe PGP is not at the sweet spot. It has too much complexity for the most popular use cases. Thank you Moxie and others who are searching for the sweet spots.

http://peerio.com/

It's made by the CryptoCat author, so make of that what you will.

Literally the second tweet on their twitter account is 'Damn, it works. Got a lawyer who resisted all other methods to encrypt our comms with @Peerio. Big score for usability. Bravo @kaepora & co.' which kind of bugs me, too.

Arguably it was easier to use GPG back then than it is now. Pine was my MUA and I had an easy to find public key. Now I have an iPhone, don't use Linux on my laptop anymore, and make heavy use of messaging products.

Here's what I have now that I didn't have then, 2FA. There's an app on my phone that makes it super easy so I use it. If I had to still carry around a separate RSA code generator I probably wouldn't.

Surely we can figure out a way to make encrypted email nearly transparently easy with the major mail providers, and the default mail apps on our laptops and and phones. Surely we can figure out a way to make a trustworthy distributed keystore.

Perhaps this will all change because before Snowden we were blissfully unaware and GPG was a cool toy unless your life was in real danger, post Snowden we're residents of a vast internet police state and my Mom knows how Target was hacked.

I have a strong suspicion we will figure this out, and soon. I wonder, are VC's are looking into funding easy to use consumer encryption?

Every time I see this in regards to email, I'm puzzled. Carnivore was known about in the 90s. Then there was the AT&T Room 641A in the 200s. So I don't know how people were unaware that state level actors could tap connections and record email.

Second, for this threat model, just forcing and validating TLS on SMTP gets you pretty far, does it not? You're then mostly trusting your email provider. And without trusting them, we get into user-unfriendly stuff like not being able to forget your password. (Barring some sort of breakthrough ideas.)

Seriously, has there been any good proposals that provide strong privacy (say, no one but the user can read the message) but aren't complicated or require users to do things they aren't gonna do: validate keys? PGPFone and ZRTP are great because you already have an "out-of-band" key auth mechanism in place, and it's fairly straightforward to check.

Nobody should trust their email provider if they are concerned about the privacy of their email. The Job To Be Done, by an email provider such as gmail/yahoo/hotmail is to act as a mail store, and mta. A user should be able to rely on a local MUA for confidentiality. Admittedly, that shifts the level of trust from the Email Provider to the provider of the MUA software and the Local Hardware, which is why things like OpenBSD/Linux and (hopefully not firmware-tweaked) commodity hardware is so important.

I'm hoping someone comes up with a breakthrough idea here, something fantastic that enables real privacy with no inconvenience. But in 20 years, there's been essentially zero progress on that front. All proposals either violate Most Users' required features, or boil down to offloading trust to the email provider.

It can be very hard to know whether you have the right public key, especially for people that you know only from online activity. And it's not uncommon to find multiple unrevoked keys, with the same email address.

But check out https://keybase.io/mirimir. You can easily get a GnuPG key that signed proofs in my profile here, on GitHub, and on reddit. Also, the email address in my key is linked to a Gravatar that StackExchange and other sites use. So whoever I am, you can be confident that I control that GnuPG key.

Private keys are obviously an issue, but I don't really get why passwords are considered so important.

I like to use GPG when I can for communicating with people, but most of the things I put on it are less private than what you would get if you got my computer.

I don't think passwords protect you if the attacker can install a keylogger (correct me if I'm wrong), so anyone with hardware access or malware isn't going to be stopped. You are only protecting against people that can read files from your computer but not install hardware/software.

I think for the average user the password provides little extra security while having a high UI cost.

If you had to open an app on your phone at each login you'd get crazy real fast :)

I do like your analogy tho. Digital music is a breeze to buy nowadays. Moxie seems to appear as covertly saying its misguided to donate money to GnuPG so that it finally gets good, because, you know, not-moxie-made.

The.. what was it called? Redphone? Whisper? and various other projects - while very cool - didnt achieve even as much popularity as GnuPG (which in itself is far from greatly useable).

I know of one tech that has a chance right now and thats U2F/Fido. It allows for building a framework (being GnuPG or otherwise) around it that's both secure and works for everyone. Why? Because fucking gmail supports it that why. It has nothing to do with the actual tech. It has to do with support. It has to do with my iphone, android, whatever, working with it seamlessly. It a lot to do with "slapping a GUI" at the right places.

The Axolotl protocol that was created for Whisper System's TextSecure is now used, by default, by Cyanogenmod (10 million users) and the Android version of WhatsApp (more than 500 million installs from the play store).

I'd say Moxie's tech has been pretty widely adopted.

If the only "usable" implementation is on a hard-to-physically-secure mobile device that uses a tonne of different uncontrolled network access points a day -- that's not really an option now, is it?

What, Gmail? Yahoo? They exist only because they can read your plain-text email and serve ads against it. Most people get their email through free webmail providers, who have every reason not to make encryption easy.

Public awareness of privacy especially wrt mass government surveillance, identity theft and high profile corporate breaches seems that such an thing is ripe.

I am naively optimistic given the right implementation a consortium of stakeholders could do something meaningful.

What's your ideal vision of what end-to-end encryption for the common (wo)man should look like other than "not GPG"?

Two questions whose answers are nonexistent in your article.

> the working hypothesis for privacy enhancing technology was simple: we’d develop really flexible power tools for ourselves, and then teach everyone to be like us... Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It’s up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish

I think it's self-explanatory why it's not good that users need to know about SERPENT, IDEA, and TwoFish.

> the fundamental architecture of PGP also leaves no room for now critical concepts like forward secrecy.

> a ballooning penumbra of OpenPGP specifications and notes so prolific that the entire picture is almost impossible to grasp... Mailpile had to write 1400 lines of python code just to interface with a native GnuPG installation for basic operations, and it still isn’t rock solid.

> journalists who depend on it struggle with it and often mess up (“I send you the private key to communicate privately, right?”)

UX failure leads to user uncertainty or insecure behavior.

What a better replacement looks like (from the comment here):

> Good UX requires thinking about interactions all the way down to the protocol.

> we can start fresh with modern cryptography, a modern protocol, and a modern design philosophy

I'd say user uncertainty and insecure behavior are, each, sufficient criteria to declare a UX a failure.

Would a ground-up rewrite of OpenPGP have PFS? Of course. Is the functionality important enough to justify a new protocol? Not on its own, IMO.

The second question, however, still isn't adequately answered; "we should be thinking about interactions" and "we should use modern things" are two of the most vague answers possible.

> The frustrating and ironic thing about GPG is that even experts make mistakes with it. Even, as it turns out, Edward Snowden.

> I now had Poitras’ permission to send Snowden her encryption key, but in his first email to me, Snowden had forgotten to attach his key, which meant I could not encrypt my response. I had to send him an unencrypted email asking for his key first.

https://firstlook.org/theintercept/2014/10/28/smuggling-snow...

That's very marketingish of you. Why not fix GnuPG instead? There's more than slapping GUIs to things!

Also, where is your 50K user base number from? According to my SKS keyserver traffic, it's much greater, even if i were to assume 50% of the traffic is non-human.. what the fuck happened to you man?

Also, if it's well done - I'm not against something different from GnuPG. I just disagree with the argument.

Which leads to this question:

which product are you going to announce in 6mo that would be so much better?

What do you think of the Dark Mail effort? And of Pond?

Secure communication is as much a cultural change as a technological one.

There is also the cultural issue of just exchanging fingerprints. Only techies put them on business cards, and even then only some. It needs to be common action.

Another approach for verification is employed by Threema [1]: The server verifies email addresses and phone numbers, so if the address or number is in your contacts you can have more confidence, represented by an orange dot next to the contact. If you verify the fingerprint by scanning QR codes, you get a green dot.

About fingerprints for the masses: I really like the visual fingerprints Peerio is using (basically bigger Github-style generated avatar icons).

[1] https://threema.ch/en/faq

But, not having used it for a few years, I went to take a look again - list some keys, maybe SMS some friends to exchange fingerprints and sign their keys, etc... - I'm trying to recall what the relationship between PUB, SUB, UID, Key Fingerprints are. And how do I indicate that I trust a key and upload it back up to pgp.mit.edu?

And I consider myself a member of the 0.1% who at least understand the principals behind PGP/Public Keys/Private Keys/Web of Trust, etc...

So - if I'm having trouble understanding this without a couple hours of study, their is Zero chance that the other 99% of the population will ever be able to wrap their heads around the intricacies of PGP. Something else is going to have to replace it.

[EDIT - as an aside, I've spent the last hour trying to do a "gen-key" on my ubuntu host, and been prevented by lack of entropy - and yes, I've tried running tcpdump, tried egrepping every file on the system for a string, etc... Ended up on https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011 and the answer seems to be, "Find a machine that does have entropy, or install a hardware random number generator in your computer."

Please add this to the reasons why normal people never use GPG

Edit-2: It took about 25 minutes, but apparently between find / -type f | xargs grep wontfindme and sudo tcpdump -nnn not port 22, I managed to collect enough entropy to keep gpg moving forward. ]

haveged is an absolute essential for all servers

http://www.issihosts.com/haveged/

that means it will block when it estimates that you have "used up" all of the available entropy

you can check how many bits of entropy your kernel thinks are available easily

cat /proc/sys/kernel/random/entropy_avail

edit: i should have mentioned that there is some reason to argue against this behaviour but that doesn't change the usefulness of haveged for existing systems

The random(4) manpage is unfortunately exceptionally misleading, and has sadly led to a small but non-zero numbers of products that try to use /dev/random rather than /dev/urandom.

Sadly, gpg --gen-key doesn't even give you this option - but that's (as noted above) another flaw in GPG.

This sounds like an implementation fail / lazy implementor. GPG shouldn't need more than 32 bytes of entropy (for keying AES-128 and then encrypting a 128-bit block of data repeatedly until you collect enough randomness.)

If the GRND_RANDOM bit is not set, then the /dev/urandom pool will be used. Unlike using read(2) to fetch data from /dev/urandom, if the urandom pool has not been sufficiently initialized, getrandom(2) will block (or return -1 with the errno set to EAGAIN if the GRND_NONBLOCK bit is set in flags).

Then again, that's probably not important if you interactively launch gpg on a desktop system that wasn't just installed a minute ago or so.

Timer EntropyD [1] can be extremely handy (as can the audio-entropy gathering)

[1] http://www.vanheusden.com/te/

    [[SECURE_CONTENT abc@ez.im -> foo@bar.com
        BASE64-CONTENT
        =====
        BASE64-SIGNATURE
    ]]

For simplicity the registry will do email validation of its' users, it should issue a SALT so that PBKDFx(SALT + email + passphrase) is used to generate the private key... the public key is stored in the registry.

For more control, a given service entry in dns for peer-crypt registry for the given domain can be set as an authority. A distributed system could be used for confirming tokens combined with DNSSEC as a control system for greater availability.

There are flaws with this idea, but it could be something that can be made insanely easy to use, as well as adding a lot of security to email transmission without creating an all new infrastructure, only adding services on top of what exists.

For power users, they could set the public key without salt in the registries, if they wanted to manage their own, instead of relying on the generation mechanism, or to use/keep the same key across different addresses/providers.

Well, that's the issue, right? How does it do this?

OTR is much more successful because it allows ad-hoc connections instead of trying to make authenticity guarantees. It encourages authentication, but the decision of when to invest that extra effort is left with the user. Fundamentally, OTR just offers privacy from eavesdroppers, and it does that well. Every other feature is extra. Even better, these new features (e.g. authentication) don't have to start from nothing. A big benefit of separating features is that is added later can leverage the existing infrastructure.

I personally believe the "killer crypto app" that will actually be adopted is a tool that is the opposite of OTR. It should only promise ad-hoc authenticates and do it in an generic style. I mean something that is somewhere between "gpg --clearsign" and 2channel/4chan style tripcodes[1]. In an ideal world, this needs to have a clearsign-style mode, so it can be used on existing forums. If the browser simply offers a "sign this" button next to textareas (no password, auto-gen they key and stuff it on a keyserver, just make it happen), it will be used. On the decode side, any blocks of text the browser sees that look like a signature get check, with the key pinned. That's it. Any features that allow nicer integration with email, forum software, etc, are nice but optional.

This provides a minimum, anonymous level authentication (forgery prevention), and the only UX the user should have to see is the "sign this" button and a loud "possible forgery" warning if a signature doesn't match the pinned key. It even works regardless of who is transporting the message (different websites, email, gopher, avian carriers) without needing an "identify provider". Upgrading this infrastructure of pinned keys into something more interesting can happen later on, if desired.

Would this work? I believe it's worth trying. It is clear that trying to solve all of the security needs in a single tool has not worked, and the one tool that got any adoption at all (OTR) has a much more narrow set of goals.

[1] http://en.wikipedia.org/wiki/Imageboard#Tripcodes

I'm right there with you on that one. So is most of HN I imagine.

But the Apple ][ really brought the PC home for so many more people than it's competitors purely because of it's relatively simple GUI.

Command prompts scare the average user.

I guess that's why I will always be a C=> fan.

Go generate a revocation certificate and push it to the global pool. You'll stop getting those disappointing emails.

But seriously, go build something better. I fucking dare you. We'd all be better off for it if you really did.

Almost as important as his crypto expertise, moxie's deep understanding of UX and especially barriers to entry and the network effect have concretely made the world a better place, and not just for people like us...but also (and especially) for people like my mom, my partner, and my (mostly non-programmer) friends. Thank you for understanding that their privacy is important and that their human dignity matters--and especially for meeting them where they are.

As a result, now it's not just my colleagues "in tech"--but also essentially all of my friends and family--who are with you!

And yeah, it's true that some of the Snowden docs reference ZRTP attacks & spoofing voice so it's not necessarily foolproof (or her phone could be owned etc.), but another one of the things my mother told me when I was a kid was "the key is to begin." And that's what moxie's done...

GPG is a terrible UX. Accidental use of GPG tends to fail open, and insecurity results. Futzing with different keys, rotating them, retracting them, etc, are grievous. I can't reencrypt old stuff to new stuff (e.g., a pw database) without spending a good deal of time thinking about attacks, file safety, etc.

I'm really a distributed encrypted email fan, I guess. I want to securely communicate over email to my friends and family, without having to do the GPG dance.

If you're referring to GPG's shitty interface, then sure. But how much of that is "1990s crypto" and how much is due to the fact that it's one guy working by himself and barely being able to afford it, for years?

GPG with Linux-levels of support would be an entirely different beast.

edit: oh sorry, are we not allowed to disagree with Big Names™?

Not when it comes to cryptography and HN. Moxie, Collin, and tptacek are the only 3 people that can say anything that isn't mainstream pop-crypto. Anyone that dares to disagree with them is clearly wrong and must be punished with downvotes.

Should random software engineers experimenting with crypto claim that they've created a software package worthy of being used by dissidents and whistleblowers?

Absolutely not!

But should we be discouraging random software engineers from experimenting with crypto, and starting open source projects that may gain steam...and eventually, after years of use and audits, gain the standing and reputation to be used by dissidents and whistleblowers?

Again, absolutely not.

How's about this: rather than a protocol-up rewrite, how about just writing a library-up rewrite? Write a ground-up implementation of (maybe a subset of) RFC 4880, with opinionated choices of default ciphers (a bit like NaCl). Make it a portable library that can be used on all the popular mobile platforms and from all the popular languages. That's a plenty big enough job, and would fix the concrete pain points with GPG without throwing out the good part.

> We could try to slap a GUI on top of it, but I don't believe great products are made that way. Good UX requires thinking about interactions all the way down to the protocol.

What kind of concrete things would have to change at the protocol level? Plenty of good products conform to existing protocol standards, and a crypto protocol that has survived years of use in a hostile environment is worth its weight in gold. The talk of "modern" seems very handwavey as a reason to throw this out.

> GPG has such a small legacy install base (literally on the order of ~50k users), that there's no reason to maintain compatibility with OpenPGP.

I find it hard to believe there are only 50k users given that OpenPGP is built into the package-management infrastructure that every Debian user uses, and is required on Maven Central which virtually every Java system uses. Yes, these aren't people who actively chose it or are even aware that they're using OpenPGP - but protocols are like that; they're infrastructure.

And as for your 50k, that may be a small number but they're the people who really care about privacy. Snowden is among them. If you're trying to spread crypto, those are the last people you want to alienate.

That's what PBP does:

- Code: https://github.com/stef/pbp

- A short (9:03) talk by the author: https://www.youtube.com/watch?v=Kl_gLMef1mI

Sure there is. For one, we were talking about encryption protocols. Those are not encrypted. The one that is encrypted, HTTPS, sucks (the whole CA system). So after Snowden's documents came out I would've expected more people to say "it's time to get rid of HTTPS". That hasn't quite happened yet, and I'm disappointed by that. In case w

As for TCP/IP, again, not encrypted, and they need to be. In case we've forgotten, TCP/IP and HTTP is what made it happen for the Internet to become a giant spy machine. That to me means they are broken.

We need to switch to something like CurveCP, MinimaLT, Noise, etc, that is encrypted by default at the Transport or even the IP layer. If we agree "encrypting all the things needs" to happen, then the current state of TCP/IP and HTTP is horrible, and we're not moving fast enough to replace them.

The fact that we don't yet have a good encrypted by default alternative to TCP/IP and HTTP/S is what will also bring us a world of hurt when the "Internet of Things" arrives in a big way, along with self-driving "smart" cars that can be remotely updated (and hacked).

Transport is the wrong layer to do encryption (much as I'd love to see more adoption of IPSec) because encryption and authentication are inextricably linked. Suppose you can confirm that you're absolutely, veritably talking to 174.16.23.46, and your messages can't be read by anyone but them. What good does that actually do you?

TLS is, despite all the problematic cipher suites, fundamentally sound infrastructure - which is why it hasn't been replaced. The same is true of OpenPGP. We don't need new protocols, just better implementations - an equivalent of LibreSSL for OpenPGP.

In the current post Snowden climate, can't we agree that this is at least a good thing? The good it does at the most basic level is protect your communications from prying eyes.

Yeah, +1 for this. The lack of a proper GPG library is very strange.

I'm in the process of writing a Python program that interfaces with GPG right now, and I was surprised to learn there isn't an official GPG library. The closest thing seems to be GPGMadeEasy [1], which is an official library wrapper for the interactive program.

Since I need low-level key manipulation (writing out a key with known values), what I've ended up doing is using the BouncyCastle Java library[2] via a separate Java command line program my Python program can call out to. It works, but it's painful.

So, yeah -- what would be the cost/benefit of the project lmm proposes to create a real, portable GPG library? It makes a lot of sense to me.

[1] https://www.gnupg.org/%28it%29/related_software/gpgme/index.... [2] http://bouncycastle.org/

I don't open a link to Paul Graham's site to read "Shit's bad, guys, and here are some fairly shallow reasons why I feel I can make that statement". I go there to read something that's been thought out by someone 'in the know'. Same goes for when your name is on a post about crypto. This was just whining.

That may be totally acceptable to you, but I don't think I'm alone in expecting more than just an opinion.

In any case, your point still stands, generally speaking.

Every Linux distribution signs packages with it. So that's at least 100M users right there. Several APIs regarding domain name and AS registrations is based on it. I know at least two financial systems that signs their messages with it. That's just mentioning a few I can think of right now. I'm sure it secures a lot lot more. It's used all over the place and it seems to do the job fairly well in most cases.

Is it suitable for signing email in 2015? I don't know. Things could certainly be improved. I know there are more suitable schemes for IM communciation. But the software and the underlying protocol is not something you can break in a heartbeat. It's important software.

Perhaps we need to speak more of the evolving use case in email?

The fact that GPG is used for other things is fine, as it will still exist and can still be used for those things.

The difference being, its worse to make a mistake using GPG than it is to make a mistake using most other programs. In the end, you are securing confidential information, which will always be hard, unnerving and require concentration and care. And this is just inherent to the task, which is fighting an undefined, super-powerful, ill-meaning enemy.

Encryption is violence. The objective is to violently keep an enemy away from your jewels. Instead of using an armed guard at your door, you use mathematical forces which are impossible for your enemy to overcome. Imagine your enemy needs the cleartext to save his own life, how does he feel when he is denied access and unable to gain access? It doesn't matter if its a steel door or a block-cipher.

What people are essentially demanding when they want "easy to use crypto" is a self-firing and self-aiming rifle with friendly-fire detection. "Keep all my adversaries away but don't bother me about it."

That's not how conflict works. If you attempt to secure your communications from a state actor, you are engaging in a full-blown combat against one of the most deadly forces there can be. That conflict will always be demanding and unpleasant. GPG being "hard to use" will be the least of your problems.

But no, we want everything for free. Protecting yourself against the overlords should be easy and painless, almost automatic. The defendant shouldn't have to learn how his defense works or how to properly use it.

Seriously?

EDIT: And what I find unnerving about your post is, suddenly the people who put in the effort to use GPG are the bad guys? The 0.1% who actually take privacy seriously enough to go through the the trouble? Don't get me wrong, I almost never use GPG, not because it's hard to use (M-x epa-encrypt-region, anyone?), but because I don't want to experience the emotional distress related to struggling with a super-powered state.

It's not that I don't care about privacy, I very much do, and my friends care as well (to a slightly lesser extent I would say and I'm willing to accept more to get to that point than they are). It's just that I am completely overwhelmed, only 1-2 of my friends even understand encryption at a high level and none of them expose private keys for communication. Even other developers I worked with got annoyed with OTR with adium/pidgin to the point I had to turn it off. It's not that I want to throw in the towel, I desperately want a solution, but even easy to use (what I'm looking for) "secure" communication tools get torn to shreds here on HN and so I haven't even considered trying to get them all to switch tools (even I thought it was possible, which I don't).

I guess what I'm trying to say is I'm not going to stop talking to my friends and my friends more or less refuse (due to complexity) to use encryption so what is the purpose of me even trying? The end result would be what? Maybe 1-2 people with which I can talk securely? Now I have to have 2 workflows and even if I have super-secure unique PW's, FDE (Full Disk Encryption, which I do use), and take steps to secure all MY data all of my friends are essentially leaking my data. So if the NSA/FBI/China/Hacker/etc want my communications they can just go after the weakest link, the people I talk to. It's very disheartening to say the very least.

I've considered blogging about this a number of times but didn't want to get destroyed here on HN (if I even posted it here, I probably wouldn't due to backlash) for being defeatist or get told how I am the problem. I am not a cryptographer and therefore am not qualified to even attempt to build secure software (if I even thought I was capable of coding up such a project). Even the tools that are easy to use that DO use tried and true encryption (Like PGP gmail/chrome extension, that's all well and good but what if I'm on mobile? Or on a friends computer? It's just too restrictive) are locked to a an OS/Browser/Device. I really do understand I'm asking for quite a lot (Cross-platform AND cross-device) but without those "features" there is no way I could get my peers to switch.

I'd love to have someone reply with how wrong I am how there is X tool/product/service that satisfies my requirements but I've searched high and low so I don't expect such a reply...

Can we just declare a flag day and switch to TextSecure?

1. there are full-featured native clients for computers that aren't smartphones

2. it works with anonymous accounts, without needing a phone number

3. federation is open

Right now, TextSecure can't even fully replace OTR (for secure IMs), let alone GPG (for email <- real work).

>the email was written by someone who would voluntarily use GPG.

>There just seems to be something particular about people who try GPG and conclude that it’s a realistic path to introducing private communication in their lives for casual correspondence with strangers.

Is it just me or is the implication here that anybody who uses PGP is usually a kook of some kind?

That's pretty much what I meant, clearly somebody didn't like me bringing it up. I wonder why. I have to use PGP every day for my job, I don't feel like a paranoid/obsessive, so I resent the implication a little bit. It's a clunky piece of software, but it hasn't caused me nearly as much suffering as Lotus Notes.

And with respect to the PGP-user / character link.. this is just beyond stupidity.

First of all, if he receives an encrypted email from a stranger, this is because he has a GPG key, too. So that stranger had every reason to assume that he's also a "GPG tinfoil hat".

Sarcasm aside, using GPG for minor stuff is not about paranoia, but about protecting minorities! This includes discriminated minorities as well as whistleblowers, investigative journalists, and so on. I for myself may not need that level of protection, but others do. Maybe even the stranger I'm writing to. The more encrypted communication we have, the less minorities spike out who really need that protection.

So encrypting everything is not "I fear", but a political statement. And that political statement is simply "I want encryption to become the norm rather than the exception, to protect minorities".

And given that nowadays Green seems completely consumed by twitter while Moxie believes in fixing whatsapp, I wouldn't hold my breath.

Edit. Matthew Green?

"introducing private communication(...) for casual correspondence with strangers."

It's obvious that author prefers his chat for that. Still there are scenarios where the GPG wins over chat. But it's also true, most people would make serious errors if they'd try to use GPG.

One is reop (https://github.com/tedu/reop). The cryptography is done by libsodium and it is well-written.

Another is NetPGP (http://www.netpgp.com/). The cryptography is done by the OpenPGP SDK. The NetPGP code is well-written but the OpenPGP SDK code looks like OpenSSL.

Both are promising and deserve everyone's support.

I see the section on not supporting key revocation at all and it worries me, because it seems to me there should be some way to do so. But perhaps the key here is that this particular tool is not trying to solve the key distribution problem, which is a whole other kettle of fish? It is possible that PGP fails partly because it tries to do both.

But that does mean that a solution still needs to be found for that problem, even if you switch to reop.

I wouldn't be surprised to learn that intelligence services sabotage open source crypto projects by helping turning their codebase into an arcane mess, which scares away the million eyeballs which are supposed to make bugs shallow.

I've worked on OpenSSL quite a long time ago; I thought they kept it so messy in order to sell their expertise through consulting. At that time, only tinfoil hat folks would have believed that spooks would spend millions sabotaging everything and anything crypto-related... Now I believe that infiltrating open-source SSL / TLS / PGP developper communities is at least as strong a priority as infiltrating terrorist communities for them, so I'm utterly convinced they're trying, and I'd rather bet they succeed.

Recently signed up for keybase to check it out. Read critiques (mostly negative) but jumped in anyway as I am hungry for something like it. I do not have a deep grasp of the arguments but I see the 'lipstick on a pig' criticism of slapping a gui on an aging infrastructure.

The practical problem with keybase for me is finding people to test it out with. I've added folks who don't know me and my friends couldn't care less.

There is a blindspot for me - I use ssh and rsa on a daily basis, many times a day. I do not know what I would do if I has to switch to something else. I do not know how to evaluate security options and know to know one is better than another.

We have very good infosec people in my company and have a standing weekly meeting to vet my sysops doings.

In any event will check out Whisper Systems and keep refreshing this discussion...

Interested in testing it out with me?

-----BEGIN PGP MESSAGE----- Version: Keybase OpenPGP v2.0.7 Comment: https://keybase.io/crypto

wcFMA5S7hsT55Ka3AQ/+K3YTd9aLF70PcDuDzUSBwt42I4UJdASvSzU9ljJZhxmh xn/XgzfuPVEqi75jhI20SfKJetR867leishDNU/XrynFCyJcr0ax6Q6BQes/w94d ErmBchxcYwFumB0i0tWMygmCUKgpL7W5bC26gB4AUdoPhhdJQnHYwiLvEv+e1G6I wFEA2/WzJlB+K+4v782zF7RhZaTA6OXl0noL6Nsoi2V/yufD5qKVnolx3RSHzdTd 1bSdS7lTCIQzvDmuLYvkophBL6Vb6Qa8IdwkLVxt+akr/W4oOxLaEE14HxS05OTO bN0R5yXzNNI7RWfU4cB3JKUMSKLGB4cBf+jEj1WyGCm04/9I1XgnNqFULE4RfHwG t8mqS1oeetfKlrzEx7NkXVn7mvITiYUzeH+M/DaTlnp5+Nb1FgQK1U54emIgEpmR qaG9JYDxZBtmBQ2gb3RtXndZFWQh7YifqaDFsUkJl4cdjXZ69WccvFRr+Vr3Ow1O m19lrHAFj4XZtsS9C1PNBejpdcfANoWjG+9Eitd6iliAo4nCG9jUi/6mIWRuamcs OS2uAAWMe1ZrfhwwU/x2+/QM6eGKU43DBLy9lmyFj2UgZKW1UokQg7iAp3Wd0f+Z SBEXNFsM3rPoYVb29boUcJtkA4CpArH36kIBv45A9u1c14uTUVRreGeLe1pqrsXB wEwD5S1urhQzgBEBCACk1jR8gIaMRKCsl7ofIjGr8PrrOYVCkNtpWjGsNnq+SFkG SUUekwzB0MfRVSdrkfVk/7Axrm0YGWqW9v12aNrrRLe8Vs/VJU9r2RRBgI164YbI UDxlGBJZhNnG1BxPVt1en1nH9ceEw4yq15giSxRMOhtlmpdv6Y0HIWzhnAb+Hc68 rxFq74j2wEfkHkIYJV7cOZtXy9WF0WHVgi0wIyiDHvV84KTO5HUv2qA1uJiqt3UU phq+lmFr3DzH7mcz2vLBW8r1AeFOd9VtRNVPkLEaVIjlCPGTYgr0hCfUX+JSf6PN 1VSRdogjcBu5Cqui60Fz9RKQvPCpX0NAUJpEZ30H0sEQATqCbZ/PF7nEqVHAOoH4 FK+Q6cR4+8iArPnUjr0lP0KWaQDJBghbYqQ8aUX37NUJaih7wae1b5WyBBCtwilI GowCJXwiD0kd7xUns61MhNDSn2K2ZPifHptJcv5QvODLkoJSHP4ylqCa9SrzyFNR gpRk3I31NIxZd7M5PT8fepQ75qTOgZ/v8ZTEd0HbPpjjRNJ3hMtIo7nmzPk54aD7 182jBWbXhiYiTTYEExnGwq+uDHoQjtGGBQzJegqeNex/q3Ba7Lf5RCbfFXQy3aDj JGRY6rZCQFbtcym2fjxeT9lRmHHeXA400zeLXgbqmmAKAcQwBtQQIF4Cg/cDNItN 6o5Jov0+pAm/NKKRWIXGJErGXsi0iTqJyl0anasbrQH6dnEXNbbMslIOtDl9CtKR N5Y+x+vJJKsOQaT6dJmQHZ19RxW4tickEr6zEu6IhB8ooMGMAjdq+tpRAF4+qKyK /yWUTIpp14deORe3aK7Hu0mA6H9dxDfwNwvat3Iv8R7YbsILdp7sFBPBlVLRLoBp BlYe7Eqroe7dCLg+v9Uw3Hpbu0yp3/BY64H3Qj9f7X3HQ+6nHQ0oQNS6XcwvJnKo JTV8lO263q0P7+Pti05SSs4= =gLgR -----END PGP MESSAGE-----

https://i.imgur.com/hXNGb5l.jpg

GPG may be a failure, but HTTPS is not.

Based on that statement, "good enough" is "good enough" relative to the value of what is being protected. From my personal experience, while difficult for use by ordinary users, GPG has proven "good enough" (if not better) for most common business/organizational/personal uses.

That is not to say, that a better alternative/increased ease of use is not possible. Better alternatives are always possible (possibly hard), but it seems such an alternative has not yet presented itself. This leads me to believe that this is in fact an ongoing market and worldwide opportunity for those who have the skills to make alternatives real.

ok. what's moxie selling next?

Software that thinks it knows my use case better than I do is wrong.