by noerps 4763 days ago
Putting a better UX or UI has been considered for PGP/GPG for a very long time, and if you really reflect on that topic, you'll learn that a fancy interface or UX won't solve anything.

Foolproof software is operated by fools. Facebook has only proven that to an extent that you simply can't deny it anymore.

If fools use PGP/GPG, they will compromise you by putting the message in the subject and encrypting their disclaimer/footer.

OTR uses, iirc, AES and DH-kex, which are the same basic building blocks as RSA and AES or any other symmetric cipher you like to use for PGP/GPG/SSL. OTR adds deniability, which is fancy for privacy but won't do for other scenarios (like business, money, profit). It works fine in one-to-one sessions, but group sessions are off the record.

We can conclude that OTR is fine for chat. Sorry to hear Google dropped the interoperability protocol in Hangouts, take a wild guess why.

PGP/GPG can send group messages (one message encrypted for multiple recipients, and may optionally provide proof of the sender), does not imply any protocol like XMPP, and stores messages in a secure manner too. The drawback is, you have to take care of your private key and your friends', partners', business associates' public keys.

If somebody really insists that key management sucks with GPG/PGP, let them do some key management and distribution only with a symmetric cipher.

Key management with PGP/GPG is a light, soft breeze compared to that. Some people even used it as an excuse to party.

I understand why people have dropped privacy and anonymity: it is no fun to follow procedure and there are so few benefits compared to every other social media app, and it is so comfy to state you have nothing to hide and not care about the implications.

With PGP/GPG you won't have 600 friends, that means caring about 600 keys, that is basically one revoke a week if you are lucky and all your friends master crypto and revoking and getting their new key signed.

If you want to understand a bit of crypto, it may take a good tutor to teach you the very basic concepts and history of using crypto within 2 schooldays, 16h (and they'll hate you afterwards and they won't pay that).

1 comments

I agree with this, but would also point out that the problems I am addressing though can't be solved by a better user interface. In addition to the issues you describe you also have the question of key infrastructure. Key servers are not adequate as they are, and so IMO you need to have ways of verifying the key is legit, which are not included in the PGP model.

That key infrastructure is something which needs to be thought out and made resistant to a single party tampering with things.

Key infrastructure doesn't even emit security anymore. The P in PKI is for painful, and I really doubt that some CA, owned by a big corporate entity (Microsoft, Oracle, CA), wouldn't manipulate the eternal append-only log-file for any given human factor and just re-roll it.

There is no benefit in auditing it permanently, like rewarding auditing with payment in bitcoin.

A given conglomerate CA would just revoke and reissue client/customer certificates for some reason and that eternal append log-file gets a short restart and everything is fine again, because of OOPPS compromise.

No CA, ever, would host an eternal append-only log-file where you can simply point at and tell: I told you so.

It is simply beneficial for any CA to deploy compromising evidence, just in case, of OOPPS compromise. You sure know whom to blame.

It is not beneficial for a given CA (USA) to allow any other CA (China) to forever store their certificates and make you pay for it.

There is no benefit in eternal log-hoarding for PKI, and they make you pay for it.

There is no benefit in it for customers even, because you can't even store that log, retrieve that log or even process it as an individual.

I am at a point where I would try web of trust with unicorns, rainbows and flying cats before trying again and again with PKI by taking something from virtual currencies and attaching it to PKI. Certificate Transparency is like Chrome, it is not built to let you or me delete, or remove CA-Certificates, we may dislike for any given reason, or just because we can.

I am at a point where I really conclude that taking away certificates or keys and delegating them is the worst idea ever.

Certificate Transparency is basically the same wet-hot idea as in 1994 with PKI: PKI, nearly twenty years ago: In the perfect PKI world imagined by Netscape, there would be no war, only love, because secrets would stay secrets forever and the NSA would still chew on their first intercepted message.

Reality check please.

CAs have proven not to be reliable trust providers. It is so easy to find the weakest CA and attack and compromise it. Certificate Transparency won't change that, it's not even beneficial for CAs.

So let's try web of trust, it hasn't failed us yet, it just wasn't sexy enough. May we need that P in PKI pain to gain something after 20 years.

Imagine certificates trust-validated from your nerd friend, Facebook group, Google circle, 4chan, whom you trust, ymmv.

Everything is better than certificates from the folks that hold your browser, operating system, data, e-mails or documents hostage and make you pay for some binary data blob and logging their failures.
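
Added example, not part of the thread and not any commenter's or project's code: in Certificate Transparency (RFC 6962) the append-only log discussed above is a Merkle tree, and an auditor who keeps only a tree size and root hash can compare them against what the log serves later. This sketch recomputes the root over full entries instead of using RFC 6962's compact consistency proofs; the entry strings and the `audit` helper are constructed for illustration.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962: leaf hashes are domain-separated with a 0x00 prefix
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # RFC 6962: interior nodes use a 0x01 prefix
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_root(entries: list) -> bytes:
    """Merkle Tree Hash as defined in RFC 6962, section 2.1."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(entries[0])
    k = 1
    while k * 2 < n:          # largest power of two strictly below n
        k *= 2
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))

def audit(saved_size: int, saved_root: bytes, served: list) -> str:
    """Compare a previously saved tree head with the entries served now.

    Hypothetical helper: a real auditor would request a consistency
    proof rather than download every entry.
    """
    if len(served) < saved_size:
        return "truncated"    # log restarted or entries dropped
    if merkle_root(served[:saved_size]) != saved_root:
        return "rewritten"    # an earlier entry was changed
    return "consistent"       # old head is a prefix of the new log

# Constructed sample data: the auditor saved the head at size 3.
LOG_AT_3 = [b"cert-a", b"cert-b", b"cert-c"]
SAVED_ROOT = merkle_root(LOG_AT_3)

HONEST = LOG_AT_3 + [b"cert-d", b"cert-e"]            # only appended
REROLLED = [b"cert-a", b"cert-X", b"cert-c", b"cert-d"]  # entry 1 replaced
RESTARTED = [b"cert-d", b"cert-e"]                    # history discarded

if __name__ == "__main__":
    for name, log in [("honest", HONEST), ("rerolled", REROLLED),
                      ("restarted", RESTARTED)]:
        print(name, audit(3, SAVED_ROOT, log))
```
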