I was recently talking to a Thunderbird developer about API design.
In the course of that conversation, I expressed concerns about RNP,
the new OpenPGP implementation that Thunderbird has recently started
using in place of GnuPG. That person, skeptical about my assertion
that RNP’s API needs improvement, asked “Isn’t it subjective what a
better API is?” I’d agree that we don’t yet have good metrics to
evaluate an API. But I disagree that we can’t judge APIs at all. In
fact, I suspect, most experienced programmers know a bad API when
they see it. Further, I think we can come up with some good
heuristics, which I’ll try to do based on my experience working on and
with GnuPG, Sequoia, and RNP. Then, I’ll take a look at RNP’s API.
Unfortunately, RNP’s API is not only easy to misuse, but it’s
misleading, and, as such, shouldn’t yet be used in a safety-critical
context. Yet, Thunderbird is relied on by vulnerable people like
journalists, activists, lawyers, and their communication partners who
need this protection. For me, this means that Thunderbird should
reevaluate its decision to use RNP.