On 2016-11-16 06:10, Mobile Mouse wrote:
The only insane part of this conversation is being stuck in one use
case and threat model, despite several people screaming otherwise.
I guess you haven't heard of using separate keys for encryption and
signature either...
Who would use it? We aren't spending time on a feature at most half a
dozen people will deploy at the cost of either drowning the application
in endless options or complicating the UX.
K-9 is suffering from configuration overload as it is - 3 settings menus
all with sub sections - hundreds of permutations. Supporting every
possible use case is not a realistic proposition.
Especially with what, half a dozen active developers?
The biggest problem with PGP/MIME is the complexity of set-up and usage.
Adding more and more options to support every plausible way of using it
is not helping solve that.
By all accounts there's 4.5 million keys on keyservers. Now I know, I
know, people distrust keyservers. Maybe that's not even half of all
keys.
But even if it were only 40%, meaning ~10 million keys and each key was
a single email address (far from true) and all of those were active (far
from true) it would be a deployment rate of 0.21%
So the biggest threat to PGP/MIME is deployment. You can talk about
potential threats all you like, but it's irrelevant because the biggest
threat to communicate with PGP is that the user won't have a single key.
Supporting multiple keys is therefore ridiculous at this point.
None of this doesn't mean that if the deployment rate changes the app
will accommodate it. But right now the app has far more important
priorities.
There is a reason people like Moxie wrote this:
https://moxie.org/blog/gpg-and-me/
I happen to disagree with him that PGP is pointless. He also proposes no
solution. But there is something to be said about the community of PGP
crypto people.
- Philip Whitehouse
--
You received this message because you are subscribed to the Google Groups "K-9
Mail" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
