Question: how can we help more people use OpenPGP?

Posted by dkg on Fri 15 Jun 2007 at 11:01

I use gpg and other associated OpenPGP infrastructure a lot these days, but it's taken me a long time to get up to speed with it. The growing use of gpg across the debian project (including the introduction of OpenPGP-signed APT repositories) has helped me immensely. I have friends and colleagues who use OpenPGP systems to varying degrees (including some not at all). Some of the folks who use it rarely (or not at all) are interested in learning more. I'd like to help the system spread, as i think it's the best infrastructure we have for seeing real decentralized, end-to-end cryptographic communications.

What's a good way to help people learn the ins and outs of the system? Which ideas of the architecture are crucial to understand, and which ones can be glossed over in an introductory/bootstrapping session without starting bad (insecure) habits?

I have a selfish motive for this as well, of course: i want to be able to communicate securely with more people, and i want to be able to do it with free tools. The more people who adopt this reasonable, functional, free infrastructure (even if they're not using debian, or committed to free software principles), the more powerful our free tools will be.

I'm looking for advice that's tailored to different kinds of beginners. Some of us like knowing the full details of the relevant RFCs. Others would prefer a "click this button and your messages will be secure" kind of approach. But these angles are too extreme: the former takes time and energy that legitimately busy people don't have, and the latter isn't thoughtful enough to be terribly trustworthy.

Theory

Most non-technical beginners probably start pretty close to the "click this button" perspective, and need a bit of philosophical orientation to start using the tools well. For example:
  • What is trust?
  • What does 'secure' mean to you?
  • What threats are you trying to defend against?
  • How can we imagine a system that might be 'secure' over long distances or times?
I'd love to find good sources of this kind of material that are engaging and concise. Do you have a favorite web page that made the ideas "click" for you, even if it didn't tell you technically how to proceed? What made it good?

Philosophical suggestions

Here's some resources i've found about the theoretical why and how of OpenPGP. If you have other good links, please share!

Practice

For some learners, good philosophical material alone is what they need to pick up the way the system works (though they'll need to learn the specifics of a tool if they want to use it). For others, the same theoretical material is best digested by comparing the ideas to a concrete tool as they work through it. For non-technical users, this probably means a software tool with a GUI. What good GUI frontends to the OpenPGP infrastructure are out there that would help interested users explore the new ideas? Which tools won't overwhelm them or encourage bad habits? Do you have a favorite tool, or one that highlights features that you think are crucial?

As for my own learning style, i like to experiment when i'm learning something new. OpenPGP can be a little intimidating in this regard, because making a key and certifying it as your identity is kind of a big deal: you don't want to change your identity too often, so it feels important that it be done right the first time. How can we encourage experimentation with these tools without encouraging an explosion of throwaway keypairs, cluttering public keyservers, or building a culture where people expect identities to change frequently or without review?

Tool suggestions

Some tools i've seen that are more or less useful:
  • GnuPG (a.k.a. gpg) is of course the canonical free implementation of the OpenPGP standard. Users of debian and debian-derived systems can of course just apt-get install gnupg. Non-debian users might need to download binaries for their systems.

    But gpg isn't a terribly friendly user interface, even for those of us with command line experience. It's a very powerful, very configurable tool, but it can be a little overwhelming. Not necessarily the best interface for a beginner to learn/experiment with, but probably necessary as an underpinning for many other free tools with more beginner-friendly UIs.

  • Enigmail is a plugin for the Thunderbird e-mail client (known as Icedove on debian). It requires an external installation of gpg. Version 0.95.0 significantly simplified the default interface, making it much less intimidating for a beginner. 0.95 is in debian unstable as of this writing.
  • Gpg4win is a complete GPG package for windows which includes a plugin for MS Outlook (2003 or later) and the windows file explorer. If yer stuck in the 'doze, it might be helpful. I haven't tried it, and i don't know what the UI is like. Anyone have any recommendations?
  • Seahorse is a GNOME-based OpenPGP (and SSH!) key manager and agent. It includes a lot of neat GUI tools to hook into the underlying capabilities of gpg, and to help think about the web of trust.
  • GPA is a GUI frontend distributed by the gpg folks (and debian, of course). i find it difficult to use if you don't already know what you're doing, which makes it not so good for beginners. But if someone wants to show me how beginners can use it simply, i'm happy to learn!
Did i miss your favorite tool? Please speak up!

Conclusion

We have a technically-capable toolset for decentralized, authenticated communication. It exists, it works, and it's been in debian for years! The problem is, as Harald Alvestrand put it:
"Deciding who to trust is a complex problem. It is not solved, and will be a problem for years to come."
What can we do as supporters of free infrastructure to help others learn how to use these tools? What can we do to help people understand the tools well enough to make their own decisions about who to trust? And how can we encourage the spread of truly free infrastructure so that these decisions aren't compromised by the tools they depend on?

 

 


Posted by ajt (204.193.xx.xx) on Fri 15 Jun 2007 at 12:32
The KDE email client kmail supports gpg out of the box on Debian. There is also the kgpg front end to gpg, which also works out of the box on Debian. Both of them seem to work well with the standard gpg backend.

My LUG uses the following as a protocol for key signing: http://www.hants.lug.org.uk/cgi-bin/wiki.pl?LinuxHints/KeySigning

--
"It's Not Magic, It's Work"
Adam
0x166C4BF0


Posted by Anonymous (130.243.xx.xx) on Fri 15 Jun 2007 at 12:59
With the number of people using Gmail these days, it seems FireGPG should be on the list:

http://firegpg.tuxfamily.org/

Not sure if the result of using that is really standards compliant, though, or if that would be possible with Gmail.


Posted by Anonymous (62.203.xx.xx) on Mon 18 Jun 2007 at 20:09
(I'm one of FireGPG's developers)

No, for the moment it's not standards compliant for Gmail, but we're working on this, and in 1 or 2 weeks it will be!

Thanks for your comment!


Posted by Anonymous (193.138.xx.xx) on Fri 15 Jun 2007 at 13:01
in my opinion, with adoption of gpg it's a problem of businesses willing to take it, not single users. once the user base reaches some critical base, it's a mess because of:
1. key sharing / exchange - the server should integrate into Outlook / other client to work for users in large firms so when I send e-mail to John Smith (employee id#: 3241234), it chooses his public key for me; when I choose to send my email to the group of 10 people, it can be too much of a problem to choose 10 keys manually
2. auto-ciphering - the client needs to provide security means of encrypting using not only recipients' public keys but also sender's public key (imagine the question: 'have I sent the right attachment or the wrong one?') and - for large firm - also with the public key of keyserver's authority (imagine the CEO coming to helpdesk, stating: 'I forgot my key password, can you recover my emails?')
3. key backward compatibility when revoked (imagine trying to read your old emails when the old key is expired / deleted from server)
4. private key safe storage (it is quite a problem for shared desktop computers that can have several users or in case of migrating employees, who each day can sit in a different location - web folders might be a solution, but how do you integrate it with openpgp server and signing / decrypting data)
I'm not against (I use gpg heavily), I just work for a firm that's too large for a decentralized, requiring user education environment, and I'd really much like to have an open solution that could be adopted.


Posted by wuzzeb (64.5.xx.xx) on Fri 15 Jun 2007 at 22:56
I also use the GNOME encryption applet (I think it gets installed as part of Seahorse) which encrypts text from the clipboard.

You copy some text, click on the applet, select the recipient, and it shows the encrypted GPG text. It is a lot faster than using any of the other clients, having to save a file somewhere and such.


Posted by dopehouse (84.131.xx.xx) on Sat 16 Jun 2007 at 09:47
Last year I started to build a tool which makes it easy to use OpenGPG via a GTK+ frontend. At the moment, it's possible to en-/decrypt text and files. Key management isn't implemented yet. I'm very busy at the moment and don't have much time to spend on development of the tool, but it's not abandoned. You can find it here: http://gpg-crypter.sourceforge.net/


Posted by Anonymous (87.234.xx.xx) on Sat 16 Jun 2007 at 10:15
There's a project for German-speaking users which tries to introduce email encryption to inexperienced users. It's called CryptoCD and provides all the necessary software and step-by-step documentation.


Posted by Anonymous (89.204.xx.xx) on Wed 20 Jun 2007 at 15:05
The CryptoCD is also about instant messaging and the tor network. But unfortunately only in German. Would be nice to have a translation.


Posted by dkg (216.254.xx.xx) on Wed 15 Aug 2007 at 16:07
I just found a rather dated PGP tutorial from the group Working to Halt Online Abuse.

It's good to see that some people are approaching PGP from the user's side with a concrete goal in mind (helping people defend themselves against electronic harassment and stalking). Wish they had more up-to-date resources, though.


Posted by Anonymous (81.223.xx.xx) on Fri 31 Aug 2007 at 12:58
Use cacert.org S/MIME certificates.

S/MIME is supported by all mail clients I know, and cacert already has its root cert in nokia cellphones (i think firefox, opera also) and is struggling to get into several others (among them MS), but they just haven't enough money to go thru all the certifications.


Posted by dkg (216.254.xx.xx) on Fri 31 Aug 2007 at 22:36
S/MIME has a different set of properties than OpenPGP. I think i prefer OpenPGP, too: i don't trust centralized certificate authorities much; their incentives for proper/secure behavior are pretty weak, and even if a specific one happens to be trustworthy and security-minded at the moment (cacert.org appears to be both right now to me), i don't want to put all of my eggs in one basket, since there are many ways to compromise a CA (many of them are social or legal attacks, and have no technical defense; i'm not claiming that cacert.org has bad tech infrastructure -- i don't know enough about them to know one way or the other). I prefer a web of trust angle, and afaik, S/MIME can't accommodate that, right? isn't it locked into the X.509 certificate standard? that standard allows only one signing authority per certificate. Even if that authority is cacert.org, which has a distributed model to decide what to grant, it's a poor substitute for a truly distributed, decentralized web of trust.
