Offtopic but important: Campaign against PGP - hidden reasons ?
Monday, September 1, 2014, 06:00 PM
Posted by Administrator
If you follow >
Bruce Schneier's blog<, you will notice an >
unusual entry<. He agreed with another blog entry about PGP from Matthew Green which was titled >"
What's the matter with PGP?"<.
Matthew Green complained about usability and key management of PGP (... but mainly related with email), but he didn't gave any proof about a lack of (IT) security. Instead, he just spoke ill about using PGP and email in general.
If he is a cryptographer, why is he doing that ? I mean he can point his finger at real faults or errors, or at least weak spots in algorithms and methods. But he didn't.
He 's talking about cumpersome processes related with PGP. But it's related with the design of the "Web of trust". It's not really a fault.
Do you trust central key storages in cloud solutions ? That's awesome for secret services, because they will find standardized environments with large amounts of data at once, sure.
What is the alternative solution ? S/MIME for email ? Still not manageable for a "normal" user. Also, you have to trust a central provider you don't know (and may be a secret service has already access to that central provider).
If I just want to have data integrity, and I want to make sure no one else except me and my communication partner can read my messages, PGP is still a good choice. That's my opinion.
And I am disappointed about Bruce Schneiers posting such an unqualified blog entry without any further reflection. Not sure about his intention ... except there is a hidden agenda behind it.
This can be similar to the "truecrypt case". Someone (guess who) don't want that users encrypt their data in a secure manner, so they discrediting the unwanted solution. Instead, you should use "Bitlocker". Lol, be honest, that's NOT a solution I will trust. It's closed source. They could implement whatever they want. Think about >"
key escrowing"<.
I am still trusting - >
like Phil Zimmermann< - at least Open Source implementations of PGP, because I still see no legitimate reason why not.
And I am not alone with my opinion about Mr. Green's blog entry. See >
Aaron Toponce's Blog Entry< also.