On 2019/07/01 17:32, karel-v_g--- via Gnupg-users wrote: > So my question as a user with a need for strong mail encryption is, > whether it is not a time to start over with an all new encryption > standard replacing OpenPGP and S/MIME completely.
The main problem with OpenPGP isn't that its guts are old and slightly klunky. Many other things that the internet relies on are old and slightly klunky, but they still do the job. Where it does fall down often is in ease of use, both for end users and developers. And this is where most mature software projects end up putting most of their time, because "fit for use" is an order of magnitude more difficult than "fit for purpose". [1] The problem is that a) there's no revenue model for email security, so the big companies are reluctant to work on it for profit, and b) it's not sexy, so the talented youngsters aren't willing to work on it for fun. That will be true of any replacement, which is why despite people suggesting a modern replacement for over a decade, nobody has actually made one. And while starting from scratch may look tempting because it gets rid of all the technical debt, it also gets rid of all the technical assets. Yes, there are sexy new things like Signal, but they got to where they are by doing one (relatively straightforward) thing and doing it well. OpenPGP is a generalist tool, which explains both why it has ended up quietly embedded in so many other things, and why it is so difficult to upgrade or replace. > To propagate the distribution of this > hypothetical new format it might be useful to get some of the major > mailproviders, business software companies and mail software vendors > might be useful And this is the crux of the problem. If the big mail providers took email security seriously, we would never have got here in the first place. But the nature of email is that nobody owns it, therefore it is nobody's job to fix it. And the people who care have real jobs and mortgages. [1] https://www.quora.com/What-is-the-service-utility-and-warranty-in-ITIL-v3 -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
