Hacker News new | past | comments | ask | show | jobs | submit login

> PGP is still fucking awesome and should always be used for any sensitive communication (best case scenario: all for every contact you can get to use it) - in addition to secure providers and all the other stuff we should be doing.

Sorry, I actually live in the real world, not whatever fantasy land the author comes from.




I once had x509 email cert and I am yet to find a bank/government office/company/another software developer that could use it. PGP is even worse, software support is non-existant, etc.


Most Government departments can support receiving and validating such certs now because they are using Exchange/Outlook, even if they don't know it. The funny part is when they modify emails with "THIS IS AN EXTERNAL SENDER", breaking the cert, and users just click through because the are used to it.


Some open source projects that communicate primarily via email do make use of PGP signatures. Sourcehut has guidelines around how to use them on their lists and the aerc email client supports sending them and has a keyring for validation.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: