[Top] [All Lists]

Re: [openpgp] Manifesto - who is the new OpenPGP for?

2015-03-25 10:16:37
On Tue, Mar 24, 2015 at 10:04 PM, Falcon Darkstar Momot
<falcon(_at_)iridiumlinux(_dot_)org> wrote:
In all seriousness, attempts to create useability for any target
audience by committee are probably doomed (even though what we have now
is balked at even by a lot of security professionals).  PoC something first.

Take a look at the work on

I have done security usability in the past and the bit with the
testing lab and one way mirrors. After a while I realized that I
didn't need any of it. All that we need to do to achieve usable email
security is to make using the secure mail exactly as easy as using

Think that is impossible? I have running code on SourceForge that
works with existing mail clients with no plug ins. It is based on
S/MIME of course because that is the message format that the clients
support. The trust model I am using is actually PGP fingerprints.

The configuration tool essentially has only one option, whether to
select a CA or not and if so the DNS name of the CA. (Right now the CA
registration code is incomplete due to the ACME situation).

Regardless of what the user chooses, the tool creates a personal PKI
for the user, complete with a self signed root, intermediate, split
encryption/decryption keys and a device key for use in key rollovers.
This is the CostCo strategy, instead of selling 20 different models
with different features, CostCo tells the vendor to provide all the
features of the top of the line model at the base model price.

Giving every user a 'standard' trust environment allows us to get to a
pretty good compromise between security and convenience from the
start. Expert users can always enroll supplemental keys which make
different security tradeoffs, not escrowing the key provides some
protection against a subpoena but introduces a real risk of data loss.

To send mail, users just send and receive as normal. The only time a
user has to be aware of the encryption is if they want to require the
message to be encrypted.

As I said, right now the code only supports S/MIME. But I have always
planned to add OpenPGP support so I can make use of the PGP keys as

The key bit of technology is basically taking a bit of design for the web

"Take all the information you need to establish a connection and pack
it into one identifier that can be cut and pasted".


openpgp mailing list