Matt Green recently blogged about the shortcomings of PGP for e-mail encryption. He makes some valid points, and without a doubt the trust management of PGP and its clone GnuPG is probably its Achilles’ heel. The “web of trust” was supposed to counter the issues inherent in hierarchical certification authority schemes like X.509, and for the most part it does a reasonable job at doing just that when the number of group participants is small. In the real world it suffers from many of the same human factors that have brought the CA-style model into question over the past decade. There isn’t an easy answer to this ongoing engineering problem, and there won’t be until a reliable, decentralized way of establishing identity is developed. I suspect that the ultimate solution will draw inspiration from current cryptocurrency “proof of work” type systems.
Whilst Prof Green’s comments are by and large true, they are not really relevant, as he is conflating two separate issues:
1. PGP usability.
2. Underlying protocol (in this case SMTP).
Thus until he de-conflates the two and then revisits his arguments, what he has said is muddled and confused, which does not give me confidence in what he is doing.
Others have indicated he may be being a little dishonest about his agenda with respect to his involvement in other nascent projects.
The one major objection I have is his attack on the trust model PGP uses. Historically the “Web of Trust” came about as a measure against the then US rumblings about compulsory “Key Escrow”. With a hierarchical system such as CAs (the then and current alternative), key escrow is easily enforced by certificate revocation lists and the inability built into browsers etc. to use anything other than one of “The Approved CAs”, but worse, the underlying certificate communications negotiation system makes killing unapproved usage at routers relatively simple.
The solution to Government control of hierarchical systems is a very open problem for a whole variety of reasons, and the failure by browser and other App developers to grasp the nettle and move away from the “Government Approved” CA or worse models is quite telling.
My sentiments exactly. A lot of the shortcomings of PGP that people including Green speak of aren’t shortcomings of PGP per se, but more of the underlying environment by which it is constrained. Building a secure cryptosystem on top of something as porous and flaky as email is a tough thing to do… That said, I think with trained users who can verify key ownership via real-world channels the system does an admirable job. When you don’t or can’t contact the other party offline to confirm key fingerprints is when it breaks down and you have to rely on a third party’s “trust” – anything that involves people is liable to corruption, and the WoT model isn’t all that much better than the current situation we have with subverted CAs issuing fraudulent X.509 certs for govt MITMing…
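As an added illustration (not part of this thread, and not GnuPG’s own code), the following Python toy models the classic web-of-trust validity computation the comments above are arguing about. The key ids and the keyring are constructed for the example; the defaults are GnuPG’s documented completes-needed=1, marginals-needed=3 and max-cert-depth=5. It shows the point made in the comment above: a key certified only by strangers, or only by a key that is valid but whose owner you have not assigned trust to, never becomes valid no matter how many signatures it carries, because validity flows only from owner-trust you set yourself after checking a fingerprint out of band.

```python
from dataclasses import dataclass, field

# Owner-trust levels, named as GnuPG names them.
ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"


@dataclass
class Key:
    keyid: str
    owner_trust: str = NONE                     # how far we trust this owner to certify others
    signers: set = field(default_factory=set)   # key ids whose certifications this key carries


def compute_validity(keys, completes_needed=1, marginals_needed=3, max_cert_depth=5):
    """Return {keyid: 'full' | 'marginal' | 'unknown'} under the classic WoT rules.

    Simplified model (not GnuPG's implementation): a certification counts only
    if the certifying key is itself fully valid; one certification from a fully
    trusted owner, or marginals_needed from marginally trusted owners, makes the
    certified key fully valid; fewer than that leaves it marginal. The default
    thresholds match GnuPG's completes-needed, marginals-needed, max-cert-depth.
    """
    validity = {kid: "unknown" for kid in keys}
    for kid, key in keys.items():
        if key.owner_trust == ULTIMATE:         # our own keys are the roots of the graph
            validity[kid] = "full"
    for _depth in range(max_cert_depth):        # each pass extends chains by one hop
        changed = False
        for kid, key in keys.items():
            if validity[kid] == "full":
                continue
            full = marginal = 0
            for signer_id in key.signers:
                signer = keys.get(signer_id)
                if signer is None or validity[signer_id] != "full":
                    continue                    # unknown or not-yet-valid certifier: ignored
                if signer.owner_trust in (ULTIMATE, FULL):
                    full += 1
                elif signer.owner_trust == MARGINAL:
                    marginal += 1
            if full >= completes_needed or marginal >= marginals_needed:
                validity[kid] = "full"
                changed = True
            elif full or marginal:
                validity[kid] = "marginal"
        if not changed:
            break
    return validity


def example_keyring():
    """Constructed keyring with hypothetical key ids (not real keys)."""
    return {
        "me":    Key("me", ULTIMATE),
        "alice": Key("alice", FULL, {"me"}),          # fingerprint checked in person; trusted certifier
        "bob":   Key("bob", MARGINAL, {"me"}),
        "carol": Key("carol", MARGINAL, {"me"}),
        "dave":  Key("dave", MARGINAL, {"me"}),
        "erin":  Key("erin", signers={"bob", "carol", "dave"}),  # three marginal certifiers
        "frank": Key("frank", signers={"alice"}),                # one fully trusted certifier
        "grace": Key("grace", signers={"bob"}),                  # one marginal certifier only
        "heidi": Key("heidi", signers={"zed"}),                  # certified by a stranger
        "ivan":  Key("ivan", signers={"erin"}),                  # certifier is valid but untrusted
    }


if __name__ == "__main__":
    for kid, v in compute_validity(example_keyring()).items():
        print(f"{kid:6} {v}")
```

Running it prints one line per key; erin and frank come out fully valid, grace marginal, and heidi and ivan unknown. The model deliberately ignores expiry, revocation, trust signatures and the newer TOFU and PGP-mixed trust models; the single point it demonstrates is that in the classic model no third party’s signature does anything until you have personally assigned owner trust to that third party.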
On an entirely separate and off-topic matter.
I don’t know if you’ve noticed but Bruce’s blog is sort of down…
You can read it and preview works, but posting does not; it just times out.
A bit odd hopefully it is not a “lack of bird song in a mine” issue.
Haven’t tried to go on the blog for a few days. Still recovering from a serious bout of the flu that sent me into the emergency dept. Re Bruce: until I discover otherwise I can’t confirm it, but I would be lying if I said I haven’t considered the possibility that he is now under duress and is attempting to send a message out in as covert a way as possible that he is not to be trusted. For me, the really suspicious thing was his week of clickbaitesque headlines. It strikes me as something that Bruce wouldn’t do…