Comment by mikorym
7 years ago
First of all, if you are signing something and want to prove that you are the author, then PGP will allow you to do that.
If you want to encrypt something and prove you are the author, PGP will still allow you to do that.
Does the author mean that PGP is bad for email specifically?
Excel has many of the mentioned properties, such as backwards compatibility and inefficiency, but it gets the job done and you bet it will pay your bills.
It feels to me like these posts are like the 80:20 problem, but rather with 99:1 and it's all about that 1%. I understand that software developers should use libsodium. But I'll sign the words "U R A >on" right now in GPG and wait for you to break my key and sign "U R 1 2" with my private key...
Yeah, most (all) of these arguments seem silly. The primary argument not to use it in emails because someone MIGHT improperly quote your email in a reply and then NOT encrypt their response? Well someone might screenshot your Signal app, or have malware on their phone, or a million other things. It seems like such an absurd corner case to me.
For my use case I don't have any concerns about using GPG. I encrypt files with it, and if anyone wants to put up any money that they can access my files, let me know what escrow service you want to use.
Not because it "MIGHT" happen, because it does happen.
I mean "might happen" in any particular instance. Not that it has never happened and only "might" in the future. Because 0.000000000000000000000000001% of messages have been accidentally exposed does not make PGP inherently bad.
With "Johnny you're fired", it's clear that many clients don't correctly validate PGP signatures
So my question is this: is PGP itself to blame or are people basically saying, "Don't use PGP unless you know what you are doing."
I don't really know what concrete advice the article gives for me personally. (The only thing I take away from this is to learn libsodium as well, rather than not using PGP.)