On Sun, Aug 17, 2014 at 10:14 PM, Robert J. Hansen <r...@sixdemonbag.org> wrote: >> Leaving aside the issue of how popular encryption of mail is - we are >> faced with the fact that 98 per cent of computer users are completely >> ignorant about software and hardware.
But even if they weren't, the problem is that OpenPGP protects such a small part of the problem that it is hard to justify the additional time and effort to users. If the revelations of the last year have proved anything, it is that most computer systems are vulnerable at a very deep level to all kinds of sophisticated attacks. In that context, where the underlying operating systems themselves are so vulnerable, OpenPGP really doesn't solve very much for most users. Supposing the following threat model (which I think corresponds to how must people use email): - physical security of hardware. - the need for secure communication contents (but the fact of the communication is not secret). - connection of the computers to the internet. - attackers who are interested in the content of the communication and who are willing to launch electronic attacks to get it. OpenPGP would be an ideal solution for the actual transmission in this scenario -- except that there is simply no operating system that can be trusted to be a secure platform upon which to run OpenPGP. There will always be a weaker link than the encryption, and so the right solution for most users is not to send confidential information by email at all. Now, there are still plenty of uses for OpenPGP, but they tend to be niche ones with particular threat models and especially motivated users. To expect mass-adoption of a tool with only niche uses is not reasonable. It doesn't mean that the project is a failure. N. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
