This article claims that PGP is dead. Is it really though? I checked the EFAIL mitigation page, and nowhere does it support their claims about the tech being dead? And if it is so insecure as claimed by the article, then why is it still being used to sign Git commits or encrypt emails even today? Why did Skiff conveniently ignore the part to inform the reader that the standard was being updated?

  • kby@feddit.de
    8 months ago

    “Keys can be stolen or hacked”. Assuming that an adversary gains access to your user account on your local computer? Well, there is no messaging protocol that will “protect” you and your data when an adversary has unrestricted access to your user account.

    I am not sure for whom this article was written. “It’s hard to exchange keys” is Computer Security 101. That’s how public-key cryptography without a centralized PKI works. The only valid argument against PGP I could recognize here is the fact that PGP provides no forward secrecy.

  • stifle867@programming.dev
    8 months ago

    It seems you completely misinterpreted the intention of the article (willingly or ignorantly).

    “At Skiff, we take an authoritative position that PGP is no longer useful, long outdated by better encryption protocols, encumbered by unneeded complexity, and hard to use even from the start.”

    Except for “no longer useful” the rest is pretty much unanimously agreed upon within the community.