I've always thought that #pgp was pretty good, but I just came across this seemingly reasonable article that is *very* critical of it: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
The tldr:
* pgp has weak security options and code complexity for backwards compatibility with the 90s
* because of that, pgp is really easy to misconfigure with poor security
* pgp doesn't provide forward secrecy
* pgp encourages you to have one master key that you never change, instead of rotating
Any thoughts/rebuttals?
@codesections
Hmmm, would you care to enlighten us poor creatures? 😃
@codesections thanks anyway, indeed I didn't see it :-)
@RLetot
>>> I've always thought that #pgp was pretty good, but…
>> (I'm slightly disappointed that, of all the many replies I got to the above toot, *none* of them were "I see what you did there")
> Hmm, would you care to enlighten us?
(PGP stands for Pretty Good Privacy, and I was saying it was "pretty good". It wasn't all that funny to begin with, and much less so now that it's explained!)