On 14-08-26 11:42 AM, Christopher Browne wrote:
> I rather liked the line about "Cryptography that post-dates the Fresh Prince." :-)
> http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html

Though there are many rebuttals to that article, I agree with this one most:
“What's The Matter With PGP?” <https://pthree.org/2014/08/18/whats-the-matter-with-pgp/>

(via the rather thoughtful discussion on MetaFilter: <https://www.metafilter.com/142215/Whats-the-matter-with-PGP>)

And I'm really not sure why anyone at Keybase would think that this was the way to do crypto at all:
> Keybase.io is also a Keybase client, however certain crypto actions (signing and decrypting) are limited to users who store client-encrypted copies of their private keys on the server, an optional feature we didn't mention above. On the website, all crypto is performed in JavaScript, in your browser. Some people have strong feelings about this, for good reason.
<https://keybase.io/>
If someone else has your private key, it's not very private.

So in summary:
  1. PKI is hard, and even harder to get people to care about
  2. UX for PGP front-ends is generally abysmal (Enigmail gets all 0_o if you have the audacity to use MIME, f'rinstance) — perhaps something to do with lack of motivated developers due to [1]
  3. E-mail leaks meta-data, which can be used to glean useful intelligence without knowing the message.

cheers,
 Stewart