..on Thu, Nov 21, 2013 at 03:56:36AM -0800, Gregory Maxwell wrote: > On Thu, Nov 21, 2013 at 12:31 AM, elijah <eli...@riseup.net> wrote: > > I don't need to beat a dead horse, but nearly every email from carlo > > contains one or more logical fallacies. This email contains two: the > > strawman fallacy (enigmail has poor security, so no usage of OpenPGP can > > have good security) and the composition fallacy (hkp keyservers are part of > > how OpenPGP works, and they leak metadata, so you can't protect metadata > > with OpenPGP). > > So, "A spherical user in harmonic motion could use the system safely > on alternative Tuesdays. Q.E.D." ? > > Common, recommended applications and usage patterns have this problem. > It isn't a strawman to argue out that PGP is widely unsafe in > practice, and to support that position with specific examples. > > AFAICT every complaint he makes is rooted in real limitations in the > technology or the surrounding ecosystem as deployed, and the > limitations are substantive and of a kind which could cause people > harm. They may not apply universally, but that they apply at all is a > problem.
Indeed, but there's a wide gulf between asserting that people should not use (or start to use) PGP at all until a better solution is available - as he does - and developing (and testing) alternatives in parallel. After all, any alternative might prove to be more or equally as vulnerable as PGP. For the time being PGP continues to work pretty well here for my non-life-and-death communication needs. I'd rather use PGP than send mail in the clear. I'm sure this sentiment is shared by many others. Cheers, -- Julian Oliver PGP 36EED09D http://julianoliver.com http://criticalengineering.org -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
