{"id":169,"date":"2016-12-17T22:08:31","date_gmt":"2016-12-18T03:08:31","guid":{"rendered":"https:\/\/sites.bu.edu\/perryd\/?p=169"},"modified":"2017-01-18T10:54:47","modified_gmt":"2017-01-18T15:54:47","slug":"rethinking-pgp-encryption","status":"publish","type":"post","link":"https:\/\/sites.bu.edu\/perryd\/2016\/12\/17\/rethinking-pgp-encryption\/","title":{"rendered":"Rethinking PGP encryption"},"content":{"rendered":"<p>Filippo Valsorda wrote an article recently on ArsTechnica titled<a href=\"http:\/\/arstechnica.com\/security\/2016\/12\/op-ed-im-giving-up-on-pgp\/\" target=\"_blank\"> I&#8217;m Throwing in the Towel on PGP, and I Work in Security<\/a>\u00a0that really made me think. Filippo is the real deal when it comes to PGP; few have his bona fides in the security arena, and when he talks, people should listen.<\/p>\n<p>The basic message of the article is the same one that we&#8217;ve been hearing for two decades: PGP is hard to use. I&#8217;ve been a proponent since 1994 or so, when I first downloaded PGP. I contributed to Phil Zimmerman&#8217;s defense fund (and have the T-shirt somewhere in my attic to prove it). As an educator I&#8217;ve discussed PGP and how it works with nearly every class I&#8217;ve taught in the past 20 years. \u00a0I push it really hard.<\/p>\n<p>And yet, like Filippo, I receive two, maybe three encrypted emails each year, often because I initiated the encrypted conversation. Clearly there&#8217;s an issue here.<\/p>\n<p>Most stock email clients don&#8217;t support PGP. Mail on MacOS doesn&#8217;t. I&#8217;m pretty sure that Outlook doesn&#8217;t. I use Thunderbird because it does support PGP via a plugin. I really don&#8217;t get this&#8230;email should be encrypted <em>by default<\/em> in a simple, transparent way by every major email client. Key generation should be done behind the scenes so that the user doesn&#8217;t have to even think about it.<\/p>\n<p>We might not ever get there.<\/p>\n<p>And so, after 20 years of trying to convince everyone I meet that they should be using\u00a0encryption, I, like Filippo, might be done.<\/p>\n<p><em>However<\/em>, there <em>is<\/em> a use case that I think works, and that I will use myself and educate others about. I&#8217;ve digitally signed every email that I send using PGP for several years, and I think that it might be the right way to think about how we use PGP. Here&#8217;s the approach, which is similar to what Filippo is thinking:<\/p>\n<ol>\n<li>I will continue to use PGP signatures on all of my email. This provides nonrepudiation to me. I will use my standard, well-known key pair to sign messages.<\/li>\n<li>When I need to move an email conversation into encryption, I&#8217;ll generate a new key pair just for that conversation. The key will be confirmed either via my well-known key pair or via a second channel (<a href=\"https:\/\/whispersystems.org\" target=\"_blank\">Signal<\/a> IM or similar). The conversation-specific keys will be revoked once the conversation is done.<\/li>\n<li>I will start to include secure messaging ala <a href=\"https:\/\/whispersystems.org\" target=\"_blank\">Signal<\/a> in my discussions of privacy<\/li>\n<\/ol>\n<p>Nonrepudiation is really a benefit to me rather than anyone receiving my messages and I don&#8217;t see any reason not to use my published keys for this.<\/p>\n<p>Secure apps like Signal I think are more natural than bolting PGP onto email and are easier for non-tenchical users to understand. Further, the lack of forward secrecy in PGP (and its inclusion in <a href=\"https:\/\/whispersystems.org\" target=\"_blank\">Signal<\/a>) should make us think twice about encrypting conversations over and over with the same keys rather than using a new set of keys for each conversation.<\/p>\n<p>I think this approach will do for the time being.<\/p>\n<p>[Update: Neil Walfield <a href=\"http:\/\/arstechnica.com\/information-technology\/2016\/12\/signal-does-not-replace-pgp\/\" target=\"_blank\">posted his response<\/a> to Filippo&#8217;s article; the comments are a good read on the problems we&#8217;re facing with PGP. ]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Filippo Valsorda wrote an article recently on ArsTechnica titled I&#8217;m Throwing in the Towel on PGP, and I Work in Security\u00a0that really made me think. Filippo is the real deal when it comes to PGP; few have his bona fides in the security arena, and when he talks, people should listen. The basic message of [&hellip;]<\/p>\n","protected":false},"author":11388,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,20,13],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts\/169"}],"collection":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/users\/11388"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/comments?post=169"}],"version-history":[{"count":4,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts\/169\/revisions"}],"predecessor-version":[{"id":178,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts\/169\/revisions\/178"}],"wp:attachment":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/media?parent=169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/categories?post=169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/tags?post=169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}