> I think it would be good to read this post remembering that Moxie is competing with OpenPGP with his Signal app.
No, this is incorrect, for several reasons.
1. Signal and OpenPGP have substantially different intended use cases. OpenPGP is a protocol for encrypting and signing fully offline, asynchronous messages using only public-key encryption and digital signature schemes such as RSA and DSA, respectively. Signal is an OTR-based protocol for both asynchronous and synchronous messaging. You can send something that looks like email using Signal, but you cannot natively use OpenPGP for encrypted instant message, voice calls or video calls.
2. Due to these differences, OpenPGP and Signal also have substantially different features. OpenPGP is not only intended for asynchronous messaging: it cannot be used for synchronous communication from a purely technical perspective. OpenPGP does not have a native system for symmetric encryption or key exchange, which means it cannot establish or maintain a secure channel efficiently. Therefore by necessity OpenPGP is slower and has higher latency because it can only natively implement public-key encryption for communication, and users must manually supply the rest. Signal's cryptosystem is much more sophisticated, and incorporates mechanisms for public-key encryption, digital signatures, private-key encryption and key-exchange.
3. Aside from just supporting synchronous communication, Signal's larger cryptosystem scope allows for security guarantees beyond the basic trifecta of confidentiality, authentication and non-repudiation that OpenPGP cannot provide. For example, Signal's protocol provides perfect forward secrecy and message delivery notification. You could only do this using OpenPGP by manually handling key exchange, then manually pre-sharing sufficiently large secret keys, or doing a new key exchange for each communication.
Furthermore, Signal is an open protocol much like OpenPGP, and in that sense doesn't "compete" with any other protoco. I use both Signal and GPG, and I'm not affiliated with Signal; that said what I'm trying to convey here is that OpenPGP has significant technical limitations that make it basically ineligible for being fairly compared with Signal (or any other similarly sophisticated messaging cryptosystem). Moxie and Perrin didn't really have to "compete" to get the Signal Protocol adopted at a massive scale by Google and Facebook - from a technical and usability perspective it enables secure communication that OpenPGP simply doesn't.
> You can send something that looks like email using Signal, but you cannot use OpenPGP for instant messaging or phone calls.
Of course you can use OpenPGP in IM [0] but as you note it won't have perfect forward secrecy and has some disadvantages but could you show me how to send an e-mail through Signal?
No, this is incorrect, for several reasons.
1. Signal and OpenPGP have substantially different intended use cases. OpenPGP is a protocol for encrypting and signing fully offline, asynchronous messages using only public-key encryption and digital signature schemes such as RSA and DSA, respectively. Signal is an OTR-based protocol for both asynchronous and synchronous messaging. You can send something that looks like email using Signal, but you cannot natively use OpenPGP for encrypted instant message, voice calls or video calls.
2. Due to these differences, OpenPGP and Signal also have substantially different features. OpenPGP is not only intended for asynchronous messaging: it cannot be used for synchronous communication from a purely technical perspective. OpenPGP does not have a native system for symmetric encryption or key exchange, which means it cannot establish or maintain a secure channel efficiently. Therefore by necessity OpenPGP is slower and has higher latency because it can only natively implement public-key encryption for communication, and users must manually supply the rest. Signal's cryptosystem is much more sophisticated, and incorporates mechanisms for public-key encryption, digital signatures, private-key encryption and key-exchange.
3. Aside from just supporting synchronous communication, Signal's larger cryptosystem scope allows for security guarantees beyond the basic trifecta of confidentiality, authentication and non-repudiation that OpenPGP cannot provide. For example, Signal's protocol provides perfect forward secrecy and message delivery notification. You could only do this using OpenPGP by manually handling key exchange, then manually pre-sharing sufficiently large secret keys, or doing a new key exchange for each communication.
Furthermore, Signal is an open protocol much like OpenPGP, and in that sense doesn't "compete" with any other protoco. I use both Signal and GPG, and I'm not affiliated with Signal; that said what I'm trying to convey here is that OpenPGP has significant technical limitations that make it basically ineligible for being fairly compared with Signal (or any other similarly sophisticated messaging cryptosystem). Moxie and Perrin didn't really have to "compete" to get the Signal Protocol adopted at a massive scale by Google and Facebook - from a technical and usability perspective it enables secure communication that OpenPGP simply doesn't.