undefined | Better HN

0 pointsbrians6y ago0 comments

You don’t. But you don’t with PGP either: bad crypto primitive defaults, no header protection including From or Subject or Reply-to, bad typical UI showing up authenticated text/plain in with authenticated parts.

The case where I still use PGP is receiving reports of bugs from unaffiliated researchers, and I should replace it with a form on an HTTPS web site.

0 comments

upofadown6y ago

>no header protection including From or Subject or Reply-to

This is email, not IM we are talking about. There is no good way to do that without a lot of added complexity and hassle once the email ends up in your archive.

>bad crypto primitive defaults

If you mean forward secrecy then see the proceeding comment.

UncleMeat6y ago

Its not forward secrecy. Its literally that the default ciphers and modes for PGP are a mess and it is so configurable that it is full of footguns.

kjs36y ago

I'm missing the email header issues, unless I'm trusting PGP public keys without any thought. If someone forges an email to me, has a PGP encrypted message in it, it doesn't validly decrypt unless my crypto discipline is already so lax I'm going to have issues with any system.

j / k navigate · click thread line to collapse