[talk] How I stopped worrying, and learned to love GPG

[George Rosamond]

Christos Zoulas:
> On Feb 21,  7:47pm, ike at blackskyresearch.net ("Isaac (.ike) Levy") wrote:
> -- Subject: [talk] How I stopped worrying, and learned to love GPG
> 
> NetBSD has netgpg...

Yes, they do.  And we'd love a meeting on that too!

The main buzz around PGP before that plea that was rectified, has always
been about usage and UX.

Usage is restricted by an inability to work with (most) mailing lists,
sending emails to multiple people in which one not having valid public
keys undermines for everyone, and then of course, client security. A
compromised desktop makes encrypted email useless.

The UX issue is odd in some ways, since PGP has been around in something
of the same form for 20-something years. That should allow sufficient
time for some decent UX work, I would imagine. But then so much of it
revolves around the users' MUAs. Integrate GPG/PGP for Pine for students
at some university and Eudora in 1995 and Gmail... it's a harder
question than one imagines, but UX is also a significant obstacle to
larger adoption.

There is an author on this list who gave a great try in popularizing PGP
for a more general audience, and maybe due to the books title, maybe due
to it being in the pre-Snowden era, it didn't sell in any significant
quantities.  He started from the reality that a few people encrypting
email contradicts its function, as if only few emails on the internet is
encrypted, it's by default suspicious, unlike, say, SSL/TLS web traffic.

There is that (forgot the name) tool for Google that makes GPG easy,
which is a good thing in some ways.  But I think a few ounces of UX work
would go a long way, but the Snowden effect probably has increased the
usage of GPG/PGP beyond what any UX work could do in such a short period
of time.

My $0.02.

g