undefined | Better HN

0 pointszahllos8y ago0 comments

> Wow...I'm sort of shocked that wasn't a v1.0 consideration.

Given that you need to pass --expert to gpg 2.1 as of right now to even generate an ECC keypair for PGP use (nor use one on an OpenPGP smartcard or yubikey), I can sort of forgive the lack of ECC in 1.0. I don't think it sees wide usage for PGP keys (some clients don't support it, also).

However, as of the last time I tried Protonmail (about 10 minutes ago to check this is all still true) you can't: revoke/reissue your PGP key, validate outside signatures (either on encrypted messages or signed, plaintext messages) or send pure-PGP mail to users outside of protonmail (there's an encrypt for non-protonmail users option, that sends a link instead). Essentially as another commenter has said, you can't really do PGP with ProtonMail.

0 comments

jlgaddis8y ago

I don't use ProtoMail but it sounds like they are "managing" users' private keys!? Am I understanding this correctly? ProtonMail has access to their users' private keys? And they are using web-based encryption, delivered via JavaScript?

And people trust them!?

bartbutler8y ago

This is about to change dramatically.

j / k navigate · click thread line to collapse