← Back to context

Comment by Leace

7 years ago

> there’s a simple meta-problem with it: it was designed in the 1990s, before serious modern cryptography

SSL was designed in 1994 but it has been properly maintained and today no-one argues that TLS should be replaced by noise/strobe etc. OpenPGP's problem no 1. is that there are no parties using it on a wider scale and interested in improving it.

SSL 2.0 was overhauled (by cryptographic experts) to create TLS, and, after something like 10 years of effort, support for SSL 2.0 was scourged off the Internet. And still, we had the DROWN attack a couple years ago, which manages to exploit cross-protocol attacks between SSL 2.0 and TLS on different servers. In the last few years, we got TLS 1.3, which again made significant, breaking changes with the previous versions of the protocol (such as getting rid of the RSA handshake), and presumably over the next 10 years we'll be shedding support for all previous versions of TLS.

That's what didn't happen with PGP.

  • > That's what didn't happen with PGP.

    Yes. And your software suggestions are excellent for 2019. I just wonder whether in 10 years it would be better to have a standard improved/developed, instead of a collection of one-vendor tools where the code is specification. That said I don't have high hopes for PGP given its maintenance problem.

    Thanks for writing on the subject, even if the subject should already be clear to majority of technical people!

I’d argue for replacing TLS if it were plausible to replace TLS for mainstream users. HTTPS is a dumpster-fire for a lot of the same reasons PGP is.

For example, the fact that there’s a grab bag of different ciphers, compression options, and other toggles makes properly picking settings an exercise in copy-pasting from a site you trust or guessing and then running an SSL Labs test until it comes back green. If you miss something, congrats, somebody can MITM and trick your users into downgrading.

Things like this are why the most notable features of TLS 1.3 are the things it removed, more so than what was added.

  • I guess one difference here is that often major implementations of HTTPS make the best choices (like operating systems, major browsers, major web server software, etc.), whereas with something like PGP, everyone is using GPG which has only one implementation which is known to be terrible.