On 2/1/2014 3:18 PM, John C Klensin wrote:
(1) Other than a probably-appropriate level of general paranoia,
do we have
any reason to believe that PGP (Symantec and/or GNUPG versions)
has been
sufficiently compromised to not provide a good defense against
either
pervasive surveillance or general snooping?
1. It has demonstrated unacceptable usability for average users.
2. It does not protect the header or the envelope, to the extent anyone
cares about divulging the Subject or other message meta-data...
3. It's packaging in the body is ugly. (See #1)
For sufficiently motivated and technical individuals, it's clear the
technology is extremely useful as a discrete capability.
However any focus on PGP or S/MIME in their current forms will be a
distraction that well might seduce the IETF community into thinking it's
doing something useful for the Internet that actually isn't.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net