GPG Replacement Just Needs to Be “Good Enough” For Now

A few days ago, Moxie Marlinspike wrote something that got the InfoSec community into an open debate.  His contention is that GPG has failed philosophically and technologically in building up 20 years of cruft.  He essentially calls for a restart, and calls GPG’s small installation base a blessing in disguise because it makes for an easier time starting from scratch.

This, not surprisingly, resulted in a lot of very strong responses, with some for, others against, and many looking for clarification.  I understand his point, and I agree with him in some parts (mostly the philosophical) but am hesitant on other parts (mostly the technical).  What follows is based on a couple of posts I made on Slashdot.