undefined | Better HN

0 pointsnailer10y ago0 comments

> The problem runs deeper than UX in plugins for mail clients.

UX runs deeper than software interfaces.

> Identity and key management is really the underlying issue

Yes, that's a UX issue.

So:

- Get GPG key from Facebook (which has them as part of the standard profile today)

- Say to person: you should contact this person by a means you trust and confirm this is their key (since we don't trust anyone by default).

- Once they click OK, they can now send messages to that person.

Nothing stopping other mainstream sites from adding GPG, it's jus that FB is the only one I know of. Obviously GitHub doesn't count since most people aren't software developers.

0 comments

zbyte6410y ago

Which brings us back to trusting a 3rd party to not tamper with the key exchange...

nailerOP10y ago

Well yeah, that's why I addressed it in the post you're replying to. Offline key confirmation is still the best bet for most people, it's just that people don't use it because they don't use crypto because crypto tools are awful.

j / k navigate · click thread line to collapse