4·
2 days agoPersonally I’d love to see more wider usage of S/MIME and/or PGP. What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer. To me a key that wasn’t always in your possession is basically compromised from the start.
(Although, I am also using protonmail’s pgp, which arguably violates this rule as well, their transparency is more trustworthy to me. )
Those are some very good points. Some even eye opening to me. It seems that my viewpoint probably was a bit skewed as the email encryption I mostly deal with is between businesses as part of my day job. I guess, in that context things like the meta data issue are known but accepted as the relationships between parties in most cases are public knowledge and companies may have to keep records for LE/regulatory bodies anyway. I can also see how quite a bit of it could be considered performative.
I hadn’t considered much that advocating for encrypted email outside of that context could keep people from using the right tool for their needs and possibly hinder acceptance of better choices.
The PGP article also made me roll my eyes a bit, as one of our vendors still doesn’t support ECC keys today. The last reason communicated being that the relevant RFC was only a draft.