Op-ed: I’m throwing in the towel on PGP, and I work in security

2 min read Original article ↗

Moving forward

I’m not dropping to plaintext. Quite the opposite. But I won’t be maintaining any public long-term key.

Mostly I’ll use Signal or WhatsApp, which offer vastly better endpoint security on iOS, ephemerality, and smoother key rotation.

If you need to securely contact me, your best bet is to DM me asking for my Signal number. If needed we can decide an appropriate way to compare fingerprints.

If we meet in person and need to set up a secure channel, we will just exchange a secret passphrase to use with what’s most appropriate: OTR, Pond, Ricochet.

If it turns out we really need PGP, we will set up some ad-hoc keys, more à la Operational PGP. Same for any signed releases or canaries I might maintain in the future.

To exchange files, we will negotiate Magic Wormhole, OnionShare, or ad-hoc PGP keys over the secure channel we already have. The point is not to avoid the gpg tool, but the PGP key management model.

If you really need to cold-contact me, I might maintain a Keybase key, but no promises. I like rooting trust in your social profiles better since it makes key rotation much more natural and is probably how most people know me anyway.

I’m also not dropping YubiKeys. I’m very happy about my new YubiKey 4 with touch-to-operate, which I use for SSH keys, password storage, and machine bootstrap. But these things are one hundred percent under my control.

About my old keys and transitioning

I broke the offline seal of all my keys. I don’t have reason to believe they are compromised, but you should stop using them now.

Below are detached signatures for the Markdown version of this document from all keys I could still find.

In the coming weeks I’ll import all signatures I received, make all the signatures I promised, and then publish revocations to the keyservers. I’ll rotate my Keybase key. Eventually, I’ll destroy the private keys.

See you on Signal. (Or Twitter.)

Giving up on PGP.md
Giving up on PGP.md.B8CC58C51CAEA963.asc
Giving up on PGP.md.C5C92C16AB6572C2.asc
Giving up on PGP.md.54D93CBC8AA84B5A.asc
Giving up on PGP.md.EBF01804BCF05F6B.asc [coming once I recover the passphrase from another country]

Note: I expect the “Moving forward” section to evolve over time, as tools come and go. The signed .md file won’t change, an unauthenticated .diff will appear below for verification convenience.