
a) The key management UX is even worse than GPG, at least IME.

b) If you're willing to trust the CA system, the advantages of using email rather than any transport-encrypted messenger (e.g. Facebook Messenger) seem decidedly marginal.



You control which CAs you anchor your trust to locally. Additionally, the encryption part isn't tied to the CA system -- you encrypt directly with the public keys of your recipients. You can use the CA system to validate that the public key belongs to someone validated by some attributes -- certificates are used for this.

The US Federal Government (FPKI) and US Department of Defense (DOD PKI) use S/MIME heavily.
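The distinction drawn in the comment above (encryption uses the recipient's certificate directly, while signature validation depends on which CA you anchor locally), shown with the `openssl smime` command as an added example that is not part of the thread. The CA names `org_ca` and `other_ca`, the users `alice`, `bob` and `carol`, and the messages are all constructed for the demo.

```shell
#!/bin/sh
# Added example: every name, key and message here is constructed for the demo.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

mk_ca() {    # $1 = CA name; creates a self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
}

mk_user() {  # $1 = user name, $2 = issuing CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$demo_dir/$1.csr" -days 1 \
    -CA "$demo_dir/$2.crt" -CAkey "$demo_dir/$2.key" -CAcreateserial \
    -out "$demo_dir/$1.crt" 2>/dev/null
}

sign_as() {  # $1 = signer; writes a clear-signed S/MIME message to $1.msg
  printf 'hello\n' | openssl smime -sign -signer "$demo_dir/$1.crt" \
    -inkey "$demo_dir/$1.key" -out "$demo_dir/$1.msg" 2>/dev/null
}

# $1 = whose message to check, $2 = the CA chosen as trust anchor.
# -CAfile replaces the default CA file; -no-CApath skips the default CA directory.
verify_with_anchor() {
  openssl smime -verify -in "$demo_dir/$1.msg" \
    -CAfile "$demo_dir/$2.crt" -no-CApath -out /dev/null 2>/dev/null
}

# $1 = recipient. Encryption only needs the recipient's certificate (public
# key); no CA file or trust store is passed to either command.
encrypt_roundtrip() {
  printf 'secret\n' |
    openssl smime -encrypt -aes-256-cbc "$demo_dir/$1.crt" 2>/dev/null |
    openssl smime -decrypt -recip "$demo_dir/$1.crt" \
      -inkey "$demo_dir/$1.key" 2>/dev/null | tr -d '\r'
}

mk_ca org_ca && mk_ca other_ca &&
  mk_user alice org_ca && mk_user carol other_ca && mk_user bob other_ca &&
  sign_as alice && sign_as carol

verify_with_anchor alice org_ca   && echo "alice: valid under org_ca"
verify_with_anchor carol org_ca   || echo "carol: rejected under org_ca"
verify_with_anchor carol other_ca && echo "carol: valid under other_ca"
echo "decrypted for bob: $(encrypt_roundtrip bob)"
```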


> You control which CAs you anchor your trust to locally.

Theoretically, but doesn't it tend to use the same OS infrastructure as HTTPS?

> The US Federal Government (FPKI) and US Department of Defense (DOD PKI) use S/MIME heavily.

Indeed, but they are in a position to trust the US government (and more generally the international governmental system).


> Indeed, but they are in a position to trust the US government (and more generally the international governmental system).

Not sure what trusting the government has to do with it, it has to do with trusting the CA system that's set up on the computer.


> Not sure what trusting the government has to do with it, it has to do with trusting the CA system that's set up on the computer.

Almost all computers ship with a bunch of governments set up as trust roots. It's not impossible to change this, but it's impractical for all but the largest organizations.



