I’m Giving Up On PGP
By Filippo Valsorda
Dec 6 2016
After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it’s just not worth it, and I’m giving up. At least on the concept of long term PGP keys.
This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It’s about the long term PGP key model—be it secured by Web of Trust, fingerprints or Trust on First Use—and how it failed me.
If you got a link to this in response to an encrypted email or to a request for a public key, you might want to skip to the “Moving forward” section.
Trust me when I say that I tried. I went through all the setups. I used Enigmail. I had offline master keys on a dedicated Raspberry Pi with short-lived subkeys. I wrote custom tools to make handwritten paper backups of offline keys (which I’ll publish sooner or later). I had YubiKeys. Multiple. I spent days designing my public PGP policy.
I travelled 2 hours by train to meet the closest Biglumber user in Italy to get my first signature in the strong set. I have a signature from the most connected key in the set. I went to key signing parties in multiple continents. I organized a couple.
I have the arrogance of saying that I understand PGP. In 2013 I was dissecting the packet format to bruteforce short IDs. I devised complex silly systems to make device subkeys tie to both my personal and company master keys. I filed usability and security issues in GnuPG and its various distributions.
All in all, I should be the perfect user for PGP. Competent, enthusiast, embedded in a similar community.
But it just didn’t work.
First, there’s the adoption issue others talked about extensively. I get at most 2 encrypted emails a year.
Then, there’s the UX problem. Easy crippling mistakes. Messy keyserver listingsfrom years ago. “I can’t read this email on my phone”. “Or on the laptop, I left the keys I never use on the other machine”.
But the real issues I realized are more subtle. I never felt confident in the security of my long term keys. The more time passed, the more I would feel uneasy about any specific key. Yubikeys would get exposed to hotel rooms. Offline keys would sit in a far away drawer or safe. Vulnerabilities would be announced. USB devices would get plugged in.
A long term key is as secure as the minimum common denominator of your security practices over its lifetime. It’s the weak link.
Worse, long term keys patterns like collecting signatures and printing fingerprints on business cards discourage practices that would otherwise be obvious hygiene: rotating keys often, having different keys for different devices, compartmentalization. It actually encourages expanding the attack surface by making backups of the key.
We talk about Pets vs. Cattle in infrastructure, those concepts would apply just as well to keys! If I suspect I’m compromised I want to be able to toss the laptop and rebootstrap with minimum overhead. The worst outcome possible for a scheme is making the user stick with a key that has a suspicion of compromise because the cost of rotating would be too high.
And all this for what gain?