I'm surprised to see this list has missed the thing that bugs me most about PGP: It conflates non-repudiation and authentication.
I send Bob an encrypted message that we should meet to discuss the suppression of free speech in our country. Bob obviously wants to be sure that the message is coming from me, but maybe Bob is a spy ... and with PGP the only way the message can easily be authenticated as being from me is if I cryptographically sign the message, creating persistent evidence of my words not just to Bob but to Everyone!

When there are only two parties in an encrypted communication this is _trivial_ to solve cryptographically: just use DH to compute a shared secret and use it to authenticate the message. (Multiple parties is solvable too, but requires a ring signature or other more complicated solution.) But PGP has no real solutions for that.

My other big technical complaint about PGP is (3) in the post, that every encrypted message discloses what key you're communicating with. PGP easily _undoes_ the privacy that an anonymity network like Tor can provide. It's possible to use --hidden-recipient but almost no one does.

It's also easy to produce a litany of non-technical complaints: PGP is almost universally misused (even by people whose lives may depend on its correct use), the WOT leaks tons of data, etc.

In my view the use of PGP is more appropriately seen as a statement about the kind of world we want to have— one where encryption is lawful, widely used, and uncontroversial— and less of a practical way to achieve security against many threats that exist today.
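The two-party DH authentication described in the message above, as an added example that is not part of the original post: a MAC keyed from the shared secret convinces Bob, yet Bob can compute the same tag for any text, so it is no evidence to a third party. The group parameters, function names and sample messages are assumptions of this sketch, and each party is assumed to already hold the other's authentic public key.

```python
import hashlib
import hmac
import secrets

# Demonstration group (an assumption of this example): prime 2**255 - 19, generator 2.
# A real deployment would use a vetted group or X25519 from a maintained library.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for finite-field Diffie-Hellman."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def mac_key(my_priv, their_pub):
    """Derive a MAC key from the DH shared secret g^(ab) mod p."""
    if not 1 < their_pub < P - 1:
        raise ValueError("peer public key out of range")
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(b"dh-auth-demo" + shared.to_bytes(32, "big")).digest()

def tag(my_priv, their_pub, message):
    """Authenticate message with HMAC-SHA256 under the shared key."""
    return hmac.new(mac_key(my_priv, their_pub), message, hashlib.sha256).digest()

def verify(my_priv, their_pub, message, t):
    return hmac.compare_digest(tag(my_priv, their_pub, message), t)

def demo():
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    outsider_priv, _ = keypair()

    msg = b"We should meet."  # constructed sample message
    t = tag(alice_priv, bob_pub, msg)

    # Bob holds the same key, so he can tag text Alice never wrote.
    forged = b"Constructed text Alice never sent."
    forged_tag = tag(bob_priv, alice_pub, forged)

    return {
        # Bob is convinced the message came from the holder of Alice's key.
        "bob_accepts": verify(bob_priv, alice_pub, msg, t),
        # Bob's forgery is byte-identical to what Alice would have produced.
        "forgery_matches": forged_tag == tag(alice_priv, bob_pub, forged),
        # Someone without either private key cannot check the tag at all.
        "outsider_accepts": verify(outsider_priv, alice_pub, msg, t),
    }

if __name__ == "__main__":
    print(demo())
```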