If its an OK, albeit simplistic question to ask - is there a reason for this?
There are many reasons.My personal bĂȘte noire is there are a lot of people who derive their social status from the unholy union of (a) being a geek and (b) making people afraid. When you can make people afraid you can lead them into looking to you to tell them what to do. Making people afraid is usually a power play of some kind and it reminds me of high school. What pushes me over the edge into being a genuinely unpleasant person is when (c) they make people afraid about something the person is unable to find out for themselves. When Chicken Little told everyone the sky was falling, at least Chicken Little had the common decency to lie about something people could disprove just by looking up.
There are a lot of (a) nerdy people (b) making people scared about (c) near-future events they have to take on faith.
I don't see much difference between Sam Altman telling people "in eighteen months half of your jobs will be gone!" and somebody hiding behind a pseudonym saying "ackshually the new NSA listening center in Utah is going to be able to crack PGP because...". Either way it's the same spiel. These people make me very angry.
=====Then there are the people who deal in half-truth criticisms. For instance, a lot of people say that Open/LibrePGP don't offer forward secrecy, and "all modern designs offer perfect forward secrecy."
Rubbish. PGP offered perfect forward secrecy in 1991. It was one of the first systems with perfect forward secrecy. It's so old it predates the term perfect forward secrecy.
What perfect forward secrecy means is "the compromise of a key does not allow an attacker to read messages sent after the compromise." Well, Open/LibrePGP uses random per-session cryptographic keys. Compromising the key used for a specific message doesn't help you compromise any other message, in the past or in the future. Open/LibrePGP is, in that sense, providing perfect forward secrecy.
At the same time, it's also plainly obvious that Open/LibrePGP uses long-term keys as well (your asymmetric keypair). And there, sure, there are criticisms that can be made from a PFS standpoint. Those are valid and worth listening to.
But for every person who gives a nuanced and complete understanding of PFS in Libre/OpenPGP, there are a dozen who are just repeating "no perfect forward secrecy guarantees!" without ever talking about the subject in a realistic way.
=====Then there are academics who make highly academic criticisms, that although are offered in good faith often show a lack of consideration of real-world constraints on what we can do, or a lack of understanding of what the real problems are.
For instance, from RFC2440 to the final draft of RFC4880, OpenPGP specified 3DES as a permissible algorithm. 3DES was designed in the 1970s and is by modern standards unbearably ugly. It has all the aesthetic qualities of Soviet New Realism art, all the elegance of a North Korean workers' housing bloc. When the movie _Tropic Thunder_ played in theaters, when Robert Downey Jr.'s character exclaimed "Behold, God's mistake!", every cryptographer in the audience perked up thinking 3DES was about to make its Hollywood appearance.
But you'll notice I never said 3DES was weak. After fifty years (!!) of cryptanalytical research nobody knows of any practical attacks on 3DES when used in the standard OpenPGP use case. It's kind of impressive that way. (If you're using it for more than a few hundred megs of data in a single message you're doing it wrong, but how many of us actually do that?)
Given all this, for many years we were slow to remove 3DES from the Open/LibrePGP cipher suites. It was on the TODO. It wasn't terribly high priority. And our attitude on this caused a lot of academics to say "they still require every client support 3DES; my God, what backwards heathens."
=====Some very serious people have made very serious criticisms of OpenPGP over the years. Matthew Green at Johns Hopkins, for starters, was really not a fan. See, for instance, this essay:
https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/His criticisms in 2014 were pretty sharp and for the most part fair. Libre/OpenPGP took notice and have since taken steps to mitigate a lot of those concerns. (He's probably still not a fan, however.)
But for every solid, well-thought-out, and occasionally devastating critique on Open/LibrePGP there are easily a dozen ones that vary from disingenuous to confused to genuinely dishonest and manipulative.
Anyway. Hope this helps. :)
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
