Can you find a single practicing cryptographic engineer who will go on the record as saying that PGP (in any of its incarnations) and email is better than Signal Protocol for message encryption?
If one is going to be paranoid, then one should at least be consistently paranoid.
v1 of the internet as used now seems wildly naive of state surveillance.
v2 may be better, but if most traffic goes encrypted, then there are going to be a lot more attacks (both legal and extra-legal) against the nuances of implementations.
v2 is certainly an improvement on v1. But one of the reasons v1 was deployed is because we believed things like "The US government would never tap traffic at the backbone" or "The US government would never tap private links between data centers."
Valuing both, I think it's important to keep eyes on the future so in 10 years we don't look back on statements like "The US government would never compell Google / Microsoft / Facebook / Whisper to distribute a poisoned version of their application" with the same amount of surprise.
I don't understand what this has to do with whether we should use risky, leaky cryptosystems like PGP over things like Signal that were designed specifically to deal with these threats.
I'd agree with the top of Unman's comment about striving for more, while disagreeing with the bottom.
Signal is better than PGP.
Running crypto without PFS in this threat environment is an irresponsible bet to make with data.
My point was that failing to continue to maintain vigilance, even if it sounds paranoid, is also irresponsible. Unless one is willing to be that we have a perfect crypto system, some amount of humility (as evidenced by Moxie's speech) is warranted. Else we'll be talking about Signal in 20 years in the same way we're talking about PGP.
Signal is a system designed always to be encrypted with no plaintext opt-out, with secrets that change automatically over the life of a conversation (which could last years) so that a single point-in-time loss of secrecy has minimized damage, with no exposed message metadata so you can't accidentally betray your conversation with a dumb subject line, and with deniability so that someone wiretapping you can't cryptographically prove you to have said anything.
