= Plenary Sesssion - Improve OpenPGP Phil Zimmermann at the 2018 OpenPGP Summit == get rid of legacy * TLS 1.3 is huge improvement for TLS, got rid of legacy, i'd like to see the same things in OpenPGP * I am responsible for some of that legacy crap, i was young. CFB. * we should use most modern crypto. and only patent-free. (IDEA fail) * let's get rid of old stuff. * Poly1305 is nice * don't like GCM much == post-quantum-algorithms * Post-Quantom-Algorithms. it's in WireGuard. need to do the same thing in OpenPGP * It's a lot more work. OpenPGP is a mess. lots of implementations. let's improve it * I used to not believe in post-quanton a few years back. but when NSA started warning us that we should get ready, we should. If you don't trust them, get ready. If you trust them, get ready. * we need it now. we can't wait. * post-quantum keys can be huge, let's not transport keys but fingerprints and download them from servers * some keys in the NIST competition from three months ago are obscenely large * https://en.wikipedia.org/wiki/Post-Quantum_Cryptography_Standardization == use other channels for fingerprint verification * we do fingerprint verification, few other people do * ZRTP and Signal protocol in same client: [Silent Phone?] * lack of network effect in OpenPGP world. we still only have a few million PGP users worldwide. WhatsApp has 1.5 billion. we're doing something not right * DigiNotar catastrophe * PGP trust model is hard to explain to your mom or anyone really. we need to get past that * let's leverage other protocols that have alread successfully leveraged network effect * imagine if PGP public fingerprints could be transferred through WhatsApp/Signal/Wire, then transfer it to PGP client * get larger number of users * merkle trees, certificate transparency - these take much longer == Q&A * phil: bootstrapping PGP clients is even harder today, today most people are on mobile devices, these are locked down * phil: I don't use PGP any more. GnuPG can't import my private key. I can't make it work. I'm protected from EFAIL by inability. * Werner: We can import post-quantum-keys at any time. We only need to change the spec to allow keys larger 64K. * Vincent: Not that easy. Want to use a combination of different keys. * Phil: post-quantum into the protocol sounds simple, but … * Phil: less post-quantum signature algorithms. and they sucks. we could procrastinate a few more years on signature algorithms * Vincent: Who is "you" working on it? Phil: I for KPN, [C-U-Tel?]], Startpage. * Status? Phil: We need a clean, simple, limited protocol. Like TLS 1.3.