> "consensus"? a few blog posts about some bad user experience with GnuPG / the PGP ecosystem is, at best, just an (re)emerging topic on HN, not the end of email encryption.
Well, tptacek is himself an expert. As he's the founder of a successful security consultancy who has friends among academic cryptographers, I took his comment to mean the belief among himself and his peers.
It's ultimately an appeal to authority, but it's a useful data point. Maybe there are different "circles" of security/cryptography experts, and tptacek runs in a different one from others who haven't given up on email, but I suspect he would have said that if that's the case.
> As he's the founder of a successful security consultancy who has friends among academic cryptographers, I took his comment to mean the belief among himself and his peers.
Security consultants are who you should trust the least when dealing with security. They aren't interested in reliable, easy-to-use and widespread security. They are interested in difficult, interesting security that breaks and needs consultants.
And all developers purposefully write spaghetti code while sysadmins hide passwords and secret configurations, all for job security.
Do you truly believe everyone is so cynical? Of course there are some bad actors, in all jobs and all domains. But not everyone—I'd argue the majority of people—are just out to screw everyone else.