OpenPGP really works

OpenPGP really works
or it’s more sexy to create the next secure chat applications than improving existing RFCs
By Alexandre Dulaunoy
Jan 2 2017
https://www.foo.be/2016/12/OpenPGP-really-works

In the past years, I have seen many articles, publications or blog posts mentioning that PGP is dead or has been replaced by the next-generation chat applications. We are obviously shifting our communication channels towards ephemeral communication schemes and the OpenPGP standard is maybe not the best suited protocol. Already in 2005, the well-known paper “Why Johnny Can’t Encrypt” was already pinpointing the shortcoming of the user-interface and experience in PGP. So I decided to track one day of my activities relying on PGP and especially to list where the OpenPGP standards play a significant role and especially its GnuPG free software implementation.

My day-to-day work is in the field of information security and especially incident handling, analysis and response. A significant volume of sensitive information is exchanged, handled, stored, processed and distributed when you perform incident response. Ensuring integrity, authentication and confidentiality is a key factor. So I installed snoopy for a day to look how many times GnuPG or a related library is started and used on my laptop running a recent Ubuntu GNU/Linux distribution.

The output of snoopy looks like this:

[snip]

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s