The reason has been mentioned several times: gnupg allows (and is often used for) streaming decryption of very large streams. You cannot fail early in that use case. You could try to chunk things up, but PGP is old and hindsight is 20/20.
I don't think anyone is arguing that PGP is the pinnacle of modern crypto design, but the amount of FUD surrounding this disclosure is just terrible.
-
-
I would have been perfectly fine having a sensible discussion of PGP's pitfalls and security gotchas, but what we got was "UNINSTALL ALL PGP EMAIL SUPPORT NOW!!1!" (and a paper which doesn't even acknowledge standard mitigations like, you know, not allowing remote content).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.