Hacker News new | past | comments | ask | show | jobs | submit login

All of my friends who work in crypto loathe PGP. None of them mention the implementation as their primary area of concern. Some of them mention the implementation as an unsurprising sequela to the kitchen sink of “capabilities” PGP attempts to cover. It has, by design, a nearly fractal surface area for users to compromise their security and for developers to make subtle implementation errors.



If you want to do store and forward messaging on a federated network then PGP is pretty much it.

So if all those cryptographers don't like it then they should design something better. It is unlikely they will be able to come up with something simpler.


I wish Autocrypt(.org) would be PGP's future. Zero conf, only syncing keys between devices is something you'd have to do manually.

Those six trust levels, what were they smoking?


The fractal surface area of PGP is why it has continued to enjoy such widespread adoption. People need to secure their messages and other systems are far too ridged or specialized for their needs.

Is PGP/GnuPG's horable to use or develop for? Absolutely. However, unless your friends are willing to step up and build something that's flexible enough to cover all our usecases, PGP will continue to see adoption and projects like this will continue to pop up.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: