Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The problem with GPG integration IMHO is not technical, it's practical: Most people (as it happens with tor) do not understand how it works and more specifically why it should work that way to avoid snooping and MiTM attacks. Until we solve that part, Pretty Good Privacy, won't work for most people.

As Einstein said: "Things should be made as simple as possible, but not simpler". By making PGP simpler, you're effectively killing it by adding more and more attack vectors.



Oh, I agree with that wholeheartedly. I bet you could make a 'serious looking' guide like this:

https://wiki.debian.org/Keysigning

And add a few instructions like "now email your private key to ..." and people would just go through the motions and do it.

Still though, adding to the traffic out there would probably help - at least a little bit - privacy efforts.


Keybase are doing something cool for keysigning - https://keybase.io/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: