Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How does PGP solve this?


PGP isn't an end-to-end encryption service; it's a public-key encryption package.

To clarify macintux's statement, you can only guarantee end-to-end encryption will both remain secure and allow your messages to be read if you control both ends. If you do not control the other end, but you give it the ability to decrypt your messages (and thus let them be read), then whoever does control the other end can save the plaintext, post it elsewhere, and generally do whatever they want with it.

To be "end-to-end encrypted", something has to actually be a service you are using, not merely a method of encryption. An end-to-end encrypted service could use PGP if it wanted (AFAIK), but PGP, in itself, is just a way for you to encrypt your messages, and then, optionally, share your public key to allow them to be decrypted by those you give it to, while also guaranteeing that those messages came from you (as long as you have kept your private key safe).

So I'm afraid your question, as it stands, doesn't really make sense, but I hope this has helped to answer the underlying questions for you.


No, his question makes perfect sense and your response doesn't really make any. End-to-end encryption doesn't imply encryption from one end of the universe to the other. It is what it says on the tin: encryption from one end to another. Your message is insecure beyond the the other end.

That is true both for PGP encrypted messages as well as iMessage messages. There's nothing on iPhones or Macs actually protecting your decrypted messages. Most of the on device security is optional and your messages, photos and files can be copied and shared anywhere in plain text.


PGP makes no claims of being an "end-to-end encrypted service", because it's not a service. It's an end-user product. It doesn't have to "solve this" problem, because that's not what it's for.


You keep saying "service" when no one asked anything about services.

The question in this thread is whether iMessage can offer secure interop. The answer is yes. They just need to use an open protocol and that protocol can use tools like PGP to encrypt messages end-to-end.

Your claim that both the sending and receiving application need to be "controlled" by some entity for it to have "real" end-to-end security is non-sense.


The statement, from macintux, was "End to end encryption can only be guaranteed if you control both ends.".

The question, from tomrod, was "How does PGP solve this?"

Nothing to do with iMessage. I was answering a specific question on a tangent thread. If you want to argue with me about iMessage, go to one of the posts I've made about that on this article. This thread is about PGP.


Well you sure know how to dodge being wrong I'll give you that. Even ignoring the thread context, your comments on end to end encryption and PGP are woefully misinformed so we can just leave it there.


Ah, so now "not talking about what you wanted me to be talking about, because that wasn't the subject of this subthread" is "dodging being wrong."




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: