Do you use Signal for chatting securely with friends and loved ones? Us too! We endorse it wholeheartedly, and rely on it for nearly all our communication.
But the vibes are deteriorating here in the US, and we should have a communications contingency plan for if Signal goes down.
OpenPGP for encryption through autocrypt is a BIG NO for me. OpenPGP is inherently flawed, read any reasonable cryptographer’s opinions on it. DeltaChat is a significant security downgrade from Signal. I would much rather use SimpleX or Briar.
I couldn’t find any criticiques of OpenPGP aside from LibrePGP’s. Do you have sources I could look into?
https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/
This article was more constructive (suggesting alternatives) than destructive (leveraging critiques), but it did link to several critiques/vulnerabilities with OpenPGP.
Unfortunately, half are about implementation issues (granted, it’s made more difficult to implement something correctly when it’s as convoluted and all-encompassing as PGP)—which are hopefully not applicable to Delta due to their 3rd party, applied cryptography audit—and the rest are obsolesced by the 2024 updates to the standard—RFC 9580, the so-called “crypto-refresh.”
Do you have any critiques that address the current state of the PGP protocol’s security?