{"id":9319,"date":"2014-08-17T20:59:17","date_gmt":"2014-08-18T00:59:17","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=9319"},"modified":"2014-08-17T20:59:17","modified_gmt":"2014-08-18T00:59:17","slug":"whats-the-matter-with-pgp","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2014\/08\/17\/whats-the-matter-with-pgp\/","title":{"rendered":"What&rsquo;s the Matter With PGP?"},"content":{"rendered":"<p><a href=\"http:\/\/blog.cryptographyengineering.com\/2014\/08\/whats-matter-with-pgp.html\">Matthew Green<\/a>:<\/p><blockquote cite=\"http:\/\/blog.cryptographyengineering.com\/2014\/08\/whats-matter-with-pgp.html\"><p>Now let&rsquo;s ignore the fact that you&rsquo;ve just leaked your key request to an untrusted server via HTTP. At the end of this process you should have the right key with high reliability. Right?<\/p><p>Except maybe not: if you happen to do this with GnuPG 2.0.18 -- one version off from the very latest GnuPG -- the client <a href=\"http:\/\/bugs.gnupg.org\/gnupg\/issue1579\"><i>won&rsquo;t actually bother to check the fingerprint of the received key<\/i><\/a>.<\/p><p>[&#8230;]<\/p><p>Adding forward secrecy to asynchronous offline email is a much bigger challenge, but fundamentally it&rsquo;s at least <i>possible<\/i> to some degree. While securing the initial &lsquo;introduction&rsquo; message between two participants may be challenging, each subsequent reply can carry a new ephemeral key to be used in future communications. However this requires breaking changes to the PGP protocol and to clients -- changes that aren&rsquo;t likely to happen in a world where webmail providers have doubled down on the PGP model.<\/p>\n<p>[&#8230;]<\/p><p>I realize I sound a bit cranky about this stuff. But as they say: a PGP critic is just a PGP user who&rsquo;s actually <i>used<\/i> the software for a while. At this point so much potential in this area and so many opportunities to do better. It&rsquo;s time for us to adopt those ideas and stop looking backwards.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Matthew Green:Now let&rsquo;s ignore the fact that you&rsquo;ve just leaked your key request to an untrusted server via HTTP. At the end of this process you should have the right key with high reliability. Right?Except maybe not: if you happen to do this with GnuPG 2.0.18 -- one version off from the very latest GnuPG [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[150,965,48],"class_list":["post-9319","post","type-post","status-publish","format-standard","hentry","category-technology","tag-email","tag-pretty-good-privacy-pgp","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/9319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=9319"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/9319\/revisions"}],"predecessor-version":[{"id":9320,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/9319\/revisions\/9320"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=9319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=9319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=9319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}