Peter Todd @pete@petertodd.org

@ajtowns It's very easy to do a better job than the alternative - the CA system - with GPGs trust database and some thought. Hell, just the fact that it's _not_ a common and standardized way of doing things is by itself a huge improvement for expert usage, because targeting an attack is hard and it'll have a low payoff usually.

Not to mention, the obvious thing to do ends up combining both: downloading a .sig file from an https connection.

@ajtowns ...and remember, you absolutely can change how GPG works re: marginal trust and the like. You get to decide how you want to verify keys. It's not hard.

@ajtowns "@pete the strong set is 55k single points of failure for pgp's automatic trust calculations."

Huh? That's not how GPG works. You don't just blindly trust multiple levels deep.

"Or there's zero middlemen if you're directly checking fingerprints and doing kyc in person."

...which is _incredibly_ limiting. Even someone like me who has gone to countless conferences doesn't have a direct links with tons of people. But after one or two steps, it's not so hard.

@ajtowns The industry goes to conferences and gives talks. Who knows who, where we've been, and who we talk too is very public. And you can always delay when you sign. Or choose not too.

Again, what's the alternative for high security? Be realistic.

@mir_btc I asked my lizard friends of course. Duh.

@ajtowns @orionwl Re: the value of WoT, it's obvious: having something other than certificate authorities.

You see this _immediaty_ if you ever try to work out the procedures for securely doing something of high value: you just have to have some other way of verifying signatures, because CAs are worse than a central point of failure. They're literally hundreds of points of failure.

@ajtowns @orionwl What "automatic trust stuff" specifically? You mean GPG's trust db?

How do you propose to allow third parties to verify anything without WoT data being public?

Conversely, why do you think the fact that someone like myself - a very well known figure - might think, say, the Qubes signing key is real needs to be kept private?

@mir_btc Nah, you're definitely not: lizards aren't that meta.

@ajtowns By the time you implement that, you could have just slapped multiple PGP sigs on one file and told your auto-update tool what to do. And that's easier to verify by hand by the experts who are double-checking things.

Note that you *literally* can concatenate the ascii-encoded sigs, and they'll verify just fine with GnuPG. We've actually done this before for a public announcement; I've done it on git commits.

@mir_btc He won't be as fun when those eyes burst out of their sockets.

...or maybe he will be? What do I know about lizard biology?

https://web.archive.org/web/20210122090316/https://twitter.com/digitsu/status/1352519630670057475

😂 😂 😂 😂 😂 😂 😂

I'm not sure which one is dumber.

@ajtowns @orionwl 1024bit DSA FTW.

@ajtowns @orionwl You know what was _the_ biggest advance in web certificate security?

It wasn't new crypto. It was a stupidly simple merkle mountain range called certificate transparency. It revolutionized the human/political side of the certificate business, by adding some pretty basic auditing. It has literally lead to scammers and bad actors going bankrupt.

_That's_ the kind of thing what a PGP replacement needs to focus on. Not what signature scheme it happens to use.

@ajtowns @orionwl Believe me, I'd love to replace OpenPGP with a standard with sane serialization, ditches old crypto, etc.

But if I were to do that, I'd actually make a _replacement_. That means thinking about how to get to the same place re: WoT and key distribution. And that's a _much_ harder problem to solve than the crypto itself.

@ajtowns @orionwl I know. That's why efforts got put into writing new PGP libraries. Efforts that should have been done literally a decade ago... But of course get held back, because people inexplicably push weird niche stuff that's obviously worse.

@ajtowns You haven't proposed an alternative. Throwing out some niche BIP is _not_ an alternative.

Fact is, in the real world the people who don't validate this stuff by hand are going to end up having web browser certs as the root of trust, and/or auto-update tools.

@ajtowns @orionwl In particular, it is _very_ likely that at least some of those academics are literally being paid off by the likes of the NSA to discourage the use of secure, decentralized, tech.

We know from the Snowden leaks that GnuPGP was one of the things they had severe problems compromising reliably. Equally, the PGP _mindset_ is one that makes for systems that are hard to compromise.