Talk:Pretty Good Privacy

Former featured article candidatePretty Good Privacy is a former featured article candidate. Please view the links under Article milestones below to see why the nomination was archived. For older candidates, please check the archive.
Article milestones
DateProcessResult
June 2, 2004Featured article candidateNot promoted
edit

For something to have entered our "popular culture" - it is not enough for it to exist. We need verifiable reliable sources that specifically say something has entered our popular culture - that is, our public awareness. None of the items formerly listed in this section included any such indication. Hence these items were mere bits of trivial original research. By comparison, "Prada" has entered our popular culture not simply because a movie included the brand in its title but because numerous sources discussed this fact. Frankly, I doubt PGP has entered the realm of public awareness at all, let alone to the degree that a reliable source would actually publish an article about this fact. Rklawton (talk) 01:37, 17 June 2010 (UTC)Reply

That was a necessary and valid edit, backed with a sound argument that I shall probably steal for future use on other pages. Thanks! --Old Moonraker (talk) 05:35, 17 June 2010 (UTC)Reply
Your welcome. Sometimes I get lucky. Feel free to re-use as necessary. Rklawton (talk) 07:28, 17 June 2010 (UTC)Reply

Examples of signed messages and public keys would be good

edit

I believe it would be an improvement if the article had examples of public keys and signed and encrypted messages. --TiagoTiago (talk) 23:30, 23 June 2010 (UTC)Reply

Weasel words?

edit

Isn't "it is thought to be the most widely chosen quality cryptographic system" an example of weasel words? The whole "some people say..." or "it is believed that..." is supposed to be a no-no, isn't it? Thomascameron (talk) 02:29, 26 April 2011 (UTC)Reply

Written in

edit

The section "Written in" in the infobox should say which programming language was used. Right now it mentions a list of human languages which is pretty amusing. —Preceding unsigned comment added by UrbanGrill (talkcontribs) 19:50, 9 May 2011 (UTC)Reply

PGP Desktop

edit

PGP Desktop shouldn't be redirected here. PGP Desktop is a commercial Symantec product. — Preceding unsigned comment added by 129.6.182.179 (talk) 20:24, 4 August 2011 (UTC)Reply

Thats my opinion too. I tried to edit the reference; but i'm not very expirienced in wikipedia. The edit button reveals only a refence to a reference list :-( — Preceding unsigned comment added by 84.172.202.86 (talk) 06:04, 20 October 2014 (UTC)Reply

Android 9 103.67.157.162 (talk) 22:35, 3 June 2021 (UTC)Reply

Speculation in secton Security quality

edit

Speculations about the future, bordering to FUD: "Likewise, the secret key algorithm used in PGP version 2 was IDEA, which might, at some future time, be found to have a previously unsuspected cryptanalytic flaw. Specific instances of current PGP, or IDEA, insecurities—if they exist—are not publicly known." Is this relevant? Can hypothetical unknown future flaws be sourced today? (The two sentences was added 06:55, 16 October 2005 and 13:39, 25 October 2005 respectively) David A se (talk) 21:00, 6 October 2011 (UTC)Reply

Prices are relevant

edit

This article mentions many software systems, and many versions, but fails to state which are free and give approximate prices for those that are not free. Price is an important dimension for articles describing products that are sold or distributed. David Spector (user/talk) 19:02, 19 August 2012 (UTC)Reply

LICENSE?

edit

What is the license under which this program is released? Please add this to the infobox. 117.219.1.87 (talk) 17:12, 24 February 2013 (UTC)Reply

XKCD

edit

Be advised -- this article's subject was mentioned on XKCD.com. Not in a way that mentions Wikipedia or seemingly invites vandalism, but that webcomic + wikipedia seems to be a recipe for it. Jsharpminor (talk) 05:45, 4 March 2013 (UTC)Reply

key, fingerprint

edit

Many people (usually computer programmers) have a "PGP key" (a huge block of hexagesimal code) and a "PGP fingerprint" (a line of hexagesimal code). They often post these on their websites. Could someone please explain in the article what these mean and what they are used for? Thanks! BigSteve (talk) 11:16, 14 July 2013 (UTC)Reply

unclear for the unknowledgeable

edit

I read this and don't understand how it works, the article needs to show step by step how it works. Like, where does one get a public or private key or both, and how do you get them to people you're sending info to? The intro paragraph and first section "design" are completely opaque to the non technical user. — Preceding unsigned comment added by 207.195.92.130 (talk) 15:36, 1 August 2014 (UTC)Reply

I found this http://www.pgpi.org/doc/pgpintro/ to be much better than wikipedia to gain a basic understanding. Hope this info helps to improve wikipedia. — Preceding unsigned comment added by 207.195.92.130 (talk) 16:02, 1 August 2014 (UTC)Reply

Symantec Encryption Desktop (former PGP Desktop)

edit

The "PGP Corporation encryption applications" section mentions "Symantec Encryption Desktop" as the renamed follower of "PGP Desktop". However, it seems to me that this information is outdated already - "Symantec Encryption Desktop" seems to have been discontinued. The Symantec website only shows "Symantec Endpoint Encryption", which seems to be a full disk encryption only. If this were true, I think the article should reflect this. Kellerpm (talk) 10:46, 13 February 2015 (UTC)Reply

The other side of the coin!

edit

This article focus more on the upside of PGP and doesn't discuss the related issues/technical limitations that PGP has. This blogpost by Mr. Matthew Green highlights those issues well (which Mr. Bruce Schneier endorsed himself as well).

Therefore a separate section named 'PGP limitations' or 'PGP issues' describing the associated concerns with key exchange and management, no forward secrecy, downside of web-of-trust (few strong sets, ...), poor usability, lack of ubiquity etc should also be included.

This will duly help the readers in having a more balanced and fair understanding of PGP on the whole.

M Salman Nadeem (talk) 16:07, 14 December 2016 (UTC)Reply

I think this is a great idea. I also like the section name "PGP limitations" or something very close to it. Rklawton (talk) 17:59, 14 December 2016 (UTC)Reply
I agree; I just started the section with a small amount of content. Riceissa (talk) 03:49, 19 December 2016 (UTC)Reply

Split article into PGP (software) and OpenPGP (standard)

edit

OpenPGP is a hugely important standard with wide applications. I understand why this article may have begun as PGP and also talks about OpenPGP, but I think most people are coming to this page to learn about OpenPGP, its implementations, applications, limitations, etc, and are likely to be confused. The article as it now is poorly structured, and thinking about how ways to improve it is challenging when it really covers 2 separate areas. I propose moving OpenPGP to a separate article. 135.23.75.178 (talk) 03:46, 17 December 2017 (UTC)Reply

I agree. Artoria2e5 🌉 10:30, 16 February 2024 (UTC)Reply
I also agree that this could be split into two articles - Dyork (talk) 01:19, 22 April 2024 (UTC)Reply
I also agree. Would this work by someone just doing it? Or is there some other process that needs to be followed? Guillem Jover (talk) 22:07, 2 August 2024 (UTC)Reply

Official Website

edit

It doesn't look like that link has been active in years, as Symantec took it down back in 2011 according to the Wayback Machine. Should this be noted on the page? Is there a better link at Symantec or elsewhere that should now be used? Indefensible (talk) 08:11, 1 January 2019 (UTC)Reply

linkaja.co.id 114.10.143.123 (talk) 07:48, 11 December 2023 (UTC)Reply

Criminal Investigation Controversy

edit

I had an association with PGP so I am not editing the site. However, below is the note clearing Phil and dropping the investigation from William Keane, US Attorney. This note is public and not attorney client privileged. I would suggest some way this meaningful message (verbatim) gets worked into this section as it is an important part of PGP history and cryptography history:

Philip L. Dubois - "Yesterday morning, I received word from Assistant U.S. Attorney William Keane in San Jose, California, that the government's three-year investigation of Philip Zimmermann is over. Here is the text of Mr. Keane's letter to me":

"The U.S. Attorney's Office for the Northern District of California has decided that your client, Philip Zimmermann, will not be prosecuted in connection with the posting to USENET in June 1991 of the encryption program Pretty Good Privacy. The investigation is closed."[1] PKIhistory (talk) 20:58, 26 August 2020 (UTC)Reply

I added a mention that the investigation was dropped in 1996. --Artoria2e5 🌉 11:54, 16 February 2024 (UTC)Reply

Purchase of Symantec by Broadcom

edit

This needs to be added. Additionally, I think the latest version is 11.4, not 11.2. — Preceding unsigned comment added by Egamma (talkcontribs) 18:05, 8 June 2022 (UTC)Reply

Done 11.4 thing. Artoria2e5 🌉 10:50, 16 February 2024 (UTC)Reply

References

Cryptosystems using keys larger than 40 bits

edit

The article says: "At the time, cryptosystems using keys larger than 40 bits were considered munitions within the definition of the US export regulations;". Is there any source for this claim? Mago Mercurio (talk) 03:23, 20 May 2023 (UTC)Reply

Well, it's a well-known fact that affected a lot of software and protocols (cf. export cipher suites in SSL/TLS) so we actually have a whole separate article Export of cryptography from the United States which is already linked from the sentence you quoted. Unfortunately, it has long-standing problems with the quality of citations itself. – MwGamera (talk) 10:48, 20 May 2023 (UTC)Reply

NostrMail solves the key distribution problem

edit

NostrMail solves the key distribution problem:

A simple email encryption tool based on secp256 key pairs.

How it works:

NostrMail encrypts content using a symetric key derived from a combination of the sender's private (nostr) key and the receiver's public (nostr) key.

Both sender and receiver derive a shared secret known only to them, which is used to protect their communications.

This application can use any email server for delivery.

https://asherp.github.io/nostr-mail/

Family Guy Guy (talk) 21:02, 17 September 2023 (UTC)Reply

🌝🛡️🗝️🔑🔐🔏🔒🔓 Fehgho (talk) 18:42, 8 November 2023 (UTC)Reply

Split proposed

edit

I agree with the IP in #Split article into PGP (software) and OpenPGP (standard): the current article tries to describe both PGP and OpenPGP, which is difficult and messy. A lot of the stuff in #Limitations describe some other OpenPGP implementation too: Yubikey has never worked with Symantec PGP as far as I know. Matthew Green's scalding criticism also deals with OpenPGP; he just uses "PGP" because the name is shorter.

I doubt most of the people here will ever use the current Symantec/Broadcom form of PGP -- it's enterprise focused, where are you even going to get it? Artoria2e5 🌉 10:49, 16 February 2024 (UTC)Reply