A few days ago, Moxie Marlinspike wrote something that got the InfoSec community into an open debate. His contention is that GPG has failed philosophically and technologically in building up 20 years of cruft. He essentially calls for a restart, and calls GPG’s small installation base a blessing in disguise because it makes for an easier time starting from scratch.
This, not surprisingly, resulted in a lot of very strong responses, with some for, others against, and many looking for clarification. I understand his point, and I agree with him in some parts (mostly the philosophical) but am hesitant on other parts (mostly the technical). What follows is based on a couple of posts I made on Slashdot.