Mailing List Archive

Some thoughts on the future of OpenPGP and GnuPG
Hello!
Just right now I have read about a security vulnerability in the PGP keyservers, that can likely not be fixed according to Heise Online.
That makes me writing about something I have been thinking of for quiet some time now:
I am working in an environment that deals with highly sensitive personal data and my first PGP-key dates back to as far as the mid 1990s. Meanwhile I have changed it a few times, going from PGP 2.3 to the DH/DSS-Keys propagated by PGP 5 and then back to RSA-Keys with GnuPG.
When looking at my In- and Outbox over the whole time I can safely say that I received and send only about 25 (!) mails in all the years and that many of my contacts simply have no PGP or don't use it any longer. It is easier and more reliable to send sensitive data by fax or mail for them.
Many attempts to make mail encryption easier have failed and the standards we have for it are aging. S/MIME was never repaired after the so called efail-attack and OpenPGP relies on a SHA1-based modification detection code to protect from it as far as I know. Many other aspects are also far from moderns standards.
Beyond this the complicated (and now dysfunctional as stated above) keydistribution caused many people to either send mails unencrypted, use regular mail or fax or use encrypting messengers nowadays.
The renewal of the OpenPGP-standard has stopped or stalled last year and the additions to GnuPG were also rather small in the past years (aside from ECC).
So my question as a user with a need for strong mail encryption is, whether it is not a time to start over with an all new encryption standard replacing OpenPGP and S/MIME completely. Something like the much praised Wireguard is doing right now in the VPN-world.
Implementing just one (or two if needed) standardized modern method for each of the following basic components: s2k-function, hash algorithm, authenticating symmetric crypto-algorithm, one ECC-based and one conventional asymmetric crypto-algorithm. And somethin to ease the key distribution. OPENPGPKEY and WKD might be suitable for that.
Thats it. No backwards compatibility. All new lean and easy. In my experience there are so few people actually using OpenPGP and these are crypto experienced so they should eysily adopt the modern proposal. If really needed the old standards could be supported for some time in a seperate "classic" component, but without the ability to create new keys.
To propagate the distribution of this hypothetical new format it might be useful to get some of the major mailproviders, business software companies and mail software vendors might be useful, another problem of OpenPGP was and is that aditional software components are needed.
Once again: I know that won't be easy or perhaps it can't be done at all. I really appreciate the work and commitment of Werner and all the others here and I am donatig each year to support them. But their work is simply not working in the real world. Sorry to say so, but that's my eperience and view  as a user -or let's better say wannabe user as there is no one to write encrypted mails to... ;)
Thanks for reading and discussing!
Karel

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
karel-v_g--- via Gnupg-users wrote:

> Hello!

[snip]

Hi Karel,

I think *flame on* Werner does not need to change anything,
because he is in the lucky position do get financed by
the big boys, so I see no need for him to start doing something
new like many others (with no financial support) do. Plus he
has the big openpgp community behind him, which supports him too.
(I have nothing against Werner, he can make millions!)

I also used PGP since the mid 90's and later used PGP and finally
GnuPG. Nowadays I use the super cool box* (plus base91 as armor)
with friends and for .pdf documents I use eIDAS conform signatures,
so that I am compatible in the EU. I also experimented with
encrypted Fax documents, but the armor GnuPG uses produces to
many erros with OCR FOSS software. I had better luck with codegroup
armor and Googles OCR, when uploading encrypted documents.

If you like to use other solutions besides GnuPG I would google
for it, like something like this etc. and check github too:

https://ianix.com/pub/curve25519-deployment.html

*https://github.com/rovaughn/box

Regards
Stefan



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
On 01/07/2019 23:36, Stefan Claas via Gnupg-users wrote:
> I think *flame on* Werner does not need to change anything,
> because he is in the lucky position do get financed by
> the big boys, so I see no need for him to start doing something
> new like many others (with no financial support) do.

Oh, for the love of...

https://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke

Seriously, ... . I'm going to exercise some restraint here and not write
anything else, because I can't find words to do it politely.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
On 2019/07/01 17:32, karel-v_g--- via Gnupg-users wrote:

> So my question as a user with a need for strong mail encryption is,
> whether it is not a time to start over with an all new encryption
> standard replacing OpenPGP and S/MIME completely.

The main problem with OpenPGP isn't that its guts are old and slightly
klunky. Many other things that the internet relies on are old and
slightly klunky, but they still do the job. Where it does fall down
often is in ease of use, both for end users and developers. And this is
where most mature software projects end up putting most of their time,
because "fit for use" is an order of magnitude more difficult than "fit
for purpose". [1]

The problem is that a) there's no revenue model for email security, so
the big companies are reluctant to work on it for profit, and b) it's
not sexy, so the talented youngsters aren't willing to work on it for
fun. That will be true of any replacement, which is why despite people
suggesting a modern replacement for over a decade, nobody has actually
made one. And while starting from scratch may look tempting because it
gets rid of all the technical debt, it also gets rid of all the
technical assets.

Yes, there are sexy new things like Signal, but they got to where they
are by doing one (relatively straightforward) thing and doing it well.
OpenPGP is a generalist tool, which explains both why it has ended up
quietly embedded in so many other things, and why it is so difficult to
upgrade or replace.

> To propagate the distribution of this
> hypothetical new format it might be useful to get some of the major
> mailproviders, business software companies and mail software vendors
> might be useful

And this is the crux of the problem. If the big mail providers took
email security seriously, we would never have got here in the first
place. But the nature of email is that nobody owns it, therefore it is
nobody's job to fix it. And the people who care have real jobs and
mortgages.

[1]
https://www.quora.com/What-is-the-service-utility-and-warranty-in-ITIL-v3

--
Andrew Gallagher
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
> Seriously, ... . I'm going to exercise some restraint here and not write
> anything else, because I can't find words to do it politely.

I could not agree more.

Stefan, that was out of bounds, inaccurate, and easy to refute. If
you'd just done a Google search before you hit 'Send' you would've
discovered the truth.

I think you owe Werner an apology.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
Robert J. Hansen wrote:

> > Seriously, ... . I'm going to exercise some restraint here and not write
> > anything else, because I can't find words to do it politely.
>
> I could not agree more.
>
> Stefan, that was out of bounds, inaccurate, and easy to refute. If
> you'd just done a Google search before you hit 'Send' you would've
> discovered the truth.
>
> I think you owe Werner an apology.

O.k. I should better have said "was* in or may still is in" the lucky
position.

With "big boys" I meaned the German Government, German BSI and Facebook.

Before I do any further replies I kindly request that some kind soul
here acts as Interpreter of the footage below, so that all you guys
and gals understand better what I meaned.

I assume that 99.9 % of GnuPG /gpg4win users have not seen this before.

https://www.youtube.com/watch?v=ZfbvNyy6vBE

P.S. to me it is still unknown why exactly Facebook is an anual donor.

Regards
Stefan




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
On 02/07/2019 15:03, Stefan Claas via Gnupg-users wrote:
> P.S. to me it is still unknown why exactly Facebook is an anual donor.

Facebook are a *serious* user of OpenPGP. Every email they send me is
encrypted to my PGP key. In this respect they are decades ahead of 99.9%
of the other big IT companies.

--
Andrew Gallagher
RE: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
This is quite cool (I have mine set up the same way), but somewhat ironic considering, well... they're Facebook. I mean of all the big dog internet companies out there that you'd expect to give you extreme measures protect in-transit personal user data... Facebook?!

-Ryan McGinnis
https://bigstormpicture.com
PGP fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail

-----Original Message-----
From: Gnupg-users <gnupg-users-bounces@gnupg.org> On Behalf Of Andrew Gallagher
Sent: Tuesday, July 2, 2019 9:28 AM
To: gnupg-users@gnupg.org
Subject: Re: Some thoughts on the future of OpenPGP and GnuPG

On 02/07/2019 15:03, Stefan Claas via Gnupg-users wrote:
> P.S. to me it is still unknown why exactly Facebook is an anual donor.

Facebook are a *serious* user of OpenPGP. Every email they send me is encrypted to my PGP key. In this respect they are decades ahead of 99.9% of the other big IT companies.

--
Andrew Gallagher

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
On Tue, 2 Jul 2019 16:03, gnupg-users@gnupg.org said:

> With "big boys" I meaned the German Government, German BSI and Facebook.

I, or well my company g10 Code GmbH, has currently no contracts with the
German government or the BSI. We had projects with the BSI but no
funding whatsoever. These projects are the usual invitation for bid, a
bid by us (together with Intevation GmbH), and with luck the bid was
then accepted. The last such project ended about 2 years ago.

Right now we are talking to companies and also institutions like the BSI
with the goal to sell support contracts (under the gnupg.com label);
that is a new effort Andre and me started this year.

Facebook and Stripe both donate 50k USD per year to support GnuPG
because they use it internally and with their customers and users. They
are obviously interested to keep the software well maintained.

We also have recurring donations from individuals which are really
helpful and encouraging. Thanks.

> I assume that 99.9 % of GnuPG /gpg4win users have not seen this before.

This is an old (2014) video showing the answer to a parliamentarian
question by MdB Christian Ströbele on why support for German crypto
[GnuPG] is such low. The answer has some numbers on money spent via BSI
and BMWI for these purposes. We tried to figure out how they get to
these numbers and it seems they lumped together different efforts over a
long period of time.

Anyway, it might have helped that new invitations for bids were sent out
by the BSI and Intevation and g10 Code where lucky enough to get
acceptance for our bids on 3 projects (Gpg4all, EasyGpg and Gpg4vs-nfd).
They worked quite well and for the first time we actually made some
profit form these projects. See [1] for short article on g10 Code's
profits in 2016 and [2] for the balance sheet of 2017.

Unfortunately I have had not found the time to write about the year
2017, or even 2018, on how we are doing. This lack of time of mine is
partly caused by the departure of 3 of our employers to move on to pEp
and hack on their projects over there. Anyway, we are currently without
financial problems and are more troubled to find good developers who
have a professional working habit and, best, have some experience in our
field.


Shalom-Salam,

Werner


[1] https://gnupg.org/blog/20170904-financial-results-2016.html
[2] https://gnupg.org/blog/data/g10code-bilanz-2017-pub.pdf

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
Werner Koch via Gnupg-users wrote:

[snip]

> [1] https://gnupg.org/blog/20170904-financial-results-2016.html
> [2] https://gnupg.org/blog/data/g10code-bilanz-2017-pub.pdf

Thanks a lot for the detailed reply, much appreciated!

Also *much* success in the future!

Regards
Stefan


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
On 2019-07-01 at 18:32 +0200, karel-v_g--- via Gnupg-users wrote:
> Hello!
> Just right now I have read about a security vulnerability in the PGP keyservers,

Note: that's a problem with the keyservers and key distribution, not
with PGP itself.


(...)
> So my question as a user with a need for strong mail encryption is, whether it is not a time to start over with an all new encryption standard replacing OpenPGP and S/MIME completely. Something like the much praised Wireguard is doing right now in the VPN-world.
> Implementing just one (or two if needed) standardized modern method for each of the following basic components: s2k-function, hash algorithm, authenticating symmetric crypto-algorithm, one ECC-based and one conventional asymmetric crypto-algorithm. And somethin to ease the key distribution. OPENPGPKEY and WKD might be suitable for that.
> Thats it. No backwards compatibility. All new lean and easy.

That won't solve *email* encryption.
In fact, you will again some old problems (that may not have been fixed
completely even after all these years, though).

A new shiny system could be made in a couple of days that worked in a
different way and required you to use a separate program.

Encrypted messages could be exchanged through email in the form of
attachments that you need to extract, then open with a special program
to decrypt.
(In fact, many people _currently_ use OpenPGP in that stony age way)

But none of those is really *email* encryption.
You could maybe even make that new program able to connect to your
existing email via IMAP (assuming it's supported!).

But then, it needs to work in Microsoft Outlook. Or in Lotus.
Or have it sent thorough a certain Exchange server which blocks the
encrypted mails sent using this PGP plugin but not this other one.
While the first one does a much better job for reading than the second
one. And you end up with the bizarre case of having one plugin that
works for reading and another for writing.

Let's not get started with being able to read it on the company
smartphone where only a single email client is allowed.
Or the Webmail you were provided.

Here we face the adoption problem. If everyone used OpenPGP, all email
clients would be expected to support it. And those creating the email
clients would dedicate resources so that their MUA works properly with
encrypted messages, rather than leaving that to third parties that often
need to loop through holes to support things.

(Also, many mail providers actually benefit from having access to users'
data, from virus/spam filters, to learning your preferences in order to
eg. show you more suited ads. Combined with little customer interest of
such feature, it's not that strange there hasn't been much interest on
going the route for OpenPGP adoption)


MUA support is the big problem IMHO. First of all for supporting
seamless reading and writing of encrypted emails, and then having the
right user interfaces.

A new system could improve some minor things in the wire format and
encryption options, but it's working pretty well there, and can be fixed
relatively painlessly on rfc4880 successor.

The big deal are email clients. And there you would have all the issues
that existing implementations have. Plus those they have fixed.
Unless you somehow get to have everyone moving to encrypted mails almost
at once, so it creates such pressure.



> In my experience there are so few people actually using OpenPGP and these
> are crypto experienced so they should eysily adopt the modern proposal.

That would be much more harder than you expect. But the big problem is
the above one. And rewriting everything won't solve that.


Regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: RE: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
> This is quite cool (I have mine set up the same way), but somewhat
> ironic considering, well... they're Facebook. I mean of all the big
> dog internet companies out there that you'd expect to give you
> extreme measures protect in-transit personal user data... Facebook?!

Oh yes, absolutely so.

Facebook makes good money off your personal data. If they allow other
people to obtain it, that's money they're losing.

You can rely on Facebook to zealously protect their bottom line.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some thoughts on the future of OpenPGP and GnuPG [ In reply to ]
On Tue, 2 Jul 2019 20:41, angel@pgp.16bits.net said:

> attachments that you need to extract, then open with a special program
> to decrypt.
> (In fact, many people _currently_ use OpenPGP in that stony age way)

From my experience many people use ZIP or PDF encryption here and not
OpenPGP. But anyway we do not have any real numbers on that and thus we
can't tell for sure. Agreed, copy and pasting armored gpg messages is
often a very useful thing in particular with chats and fora.

> But then, it needs to work in Microsoft Outlook. Or in Lotus.

We like to hear about problem you experience with Gpg4win and Outlook
with and without Exchange. A few minor bugs are known but most users
tells us that it works pretty well, be it OpenPGP or S/MIME. The user
interface of GpgOL (The outlook plugin from Gpg4win) for encryption is
even more advanced than Outlook's internal S/MIME encryption.

> The big deal are email clients. And there you would have all the issues
> that existing implementations have. Plus those they have fixed.

Right, and most faults you have seen in recent years are due to bad
integration of crypto in MUAs. It used to be better when we started to
integrate encryption into MUAs about 20 years ago but meanwhile nifty
UIs and featurism seems to be more important than solid integration.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.