by mike_hearn
4327 days ago
> In the absence of routine attacks targeting cryptography, it's easy to believe that systems that don't annoy their users with identity management are superior to those that do. They do indeed have an advantage in deployability! But they have no security advantage. We'll probably find out someday soon, as more disclosures hit the press, that they were a serious liability.

You're probably talking about the PKI here. However, after a year's worth of Snowden leaks (and perhaps other leakers too) there have been zero documents discussing routine or even occasional sabotage of the PKI. You suggest that we'll "probably" find out "someday soon" that only PGP works and everything else sucks, but we already went through that acid test. PGP was such an epic failure Snowden and Greenwald failed to connect entirely, and there were no big reveals about certificate authorities.

That doesn't mean the CA system is infallible, just that attacking endpoint security is easier. But as Matt's GPG example shows, GPG endpoint security is just as pathetic. Heck I didn't realise that GPG couldn't safely import public keys by fingerprint. How the hell does software like that, which has been around so long, fail to do such a basic check? QUANTUM would have made mincemeat of anyone trying to communicate securely using mainstream PGP implementations, whereas most S/MIME implementations I know of wouldn't have been fooled so easily.

Hand-waving about how anything other than PGP is trustworthy doesn't fly with me: there's too much real world evidence from real world adversaries that it sucks and other systems work better.