May 25, 2020

Critical Commentary


Filippo Valsorda's post explains the reasons why he decided to give up on PGP. Among these reasons, we find the lack of people actually using PGP, the usability of the software programs, and, above all, the security of the long-term key.
"The more time passed, the more I would feel uneasy about any specific key. Yubikeys would get exposed to hotel rooms. Offline keys would sit in a faraway drawer or safe. Vulnerabilities would be announced. USB devices would get plugged in. A long term key is as secure as the minimum common denominator of your security practices over its lifetime. It's the weak link."
He adds:
"Finally, these days I think I care much more about forward secrecy, deniability and ephemerality than I do about iron clad trust. Are you sure you can protect that long-term key forever? Because when an attacker decides to target you and succeeds, it won't have access from that point forwards, but to all your past communications, too. And that's ever more relevant."
The alternatives he suggested then were Signal and WhatsApp.

