top | item 46412073

(no title)

What is the alternative to PGP for the specific use case of secure email? That doesn't mandate dealing with the X509 certificate bureaucracy?

discuss

tptacek|2 months ago

Don't encrypt email.

https://www.latacora.com/blog/2020/02/19/stop-using-encrypte...

teddyh|2 months ago

The only alternative suggested by the linked article is giving up email completely in favor of centralized solutions like Signal. My short answer is “no”. My long answer is: <https://news.ycombinator.com/item?id=45390332>

pseudohadamard|2 months ago

Something that doesn't require securing email. Both S/MIME and PGP were solutions for 1980s problems (TFA is slightly off about PGP's start date, the PGP design dates from 1987 and MSDOS, not the 1990s, and S/MIME via PEM is from 1986). They're pretty much irrelevant today because almost all email is encrypted anyway via StartTLS and if you need full end-to-end encryption you use Signal or something similar.

Natanael_L|2 months ago

What's your usecase here? Internal or external messaging?

pseudohadamard|2 months ago

Use case? We're crypto LARPing dammit, we don't need a use case!