Hacker News new | past | comments | ask | show | jobs | submit login

GPG is not a standard, the standard is OpenPGP.

As for the tools, they seem very easy, especially engimail which IS 1-click setup.

> add generic messages about encryption in alternate mime content bodies and simply encode the encrypted messages into it's own

This is exactly what it is doing. PGP/MIME is a thing.




Enigmail is far from friction free and no 1-click setup. I still have to go through key generation last I checked. And then publish those keys or give them to friends.

If PGP/GPG wants adoption they need to eliminate those friction points, a TOFU model with automatic key redistribution should lower friction sufficiently but except TOFU there isn't much development in that direction.

>This is exactly what it is doing. PGP/MIME is a thing.

I don't think I ever received a single PGP/MIME email. I don't think a lot of people use PGP/MIME. It's a niche setting for a niche software.


Your desire for "a TOFU model with automatic key redistribution" is well-founded, and people (including implementers) are trying to do something about this. Check out the Autocrypt project:

https://autocrypt.org/

A similar (and complementary) approach is outlined in RFC-7929:

https://tools.ietf.org/html/rfc7929

which is supported by GPG and a few email providers.


> the standard is OpenPGP

The standard is PGP. OpenPGP is an implementation.


No. OpenPGP is the standard.

PGP and GPG are implementations of this standard.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: