by _8j50 2362 days ago
We need a protocol/scheme that other things can adopt much more than a tool. There will always be a reason why someone can't use a tool, but with an encoding/scheme/protocol you can push for different things to use it.

To give an example, I was in a work situation more than once where an external party wanted to transfer files to or from our company and I was supposed to help find a standard tool/method. The only (and I mean only) way right now is pgp due to its ubiquity, with s/mime on email being second. We do need great tools like this, but we need them to where if I can't use it due to license, policy, etc. issues I can use a separate compatible tool.

So, my only suggestion to the author is to please make a fixed and versioned standard out of the scheme.


A protocol for what? To send messages securely? We have that. To do deduplicated mass backup? That exists, too. To securely transfer files? We have that as well. Each of these problems makes their own demands on cryptography and deserves their own purpose-built cryptosystem, which is why Signal looks like Signal, and not a naive message bus over which we push PGP-encrypted records.

The point of `age` is that when you subtract out all these use cases from PGP and leave just the file encryption problem, PGP still sucks, and sucks way out of proportion to how complicated file encryption is.

So instead of bringing all of PGP's bloat, 1990s cryptography, and misfeatures to bear on that simple problem, we just get a simple, modern tool optimized for that one problem.

> The point of `age` is that when you subtract out all these use cases from PGP and leave just the file encryption problem, PGP still sucks, and sucks way out of proportion to how complicated file encryption is.

For clarity: Is this an endorsement of `age`?

`age` is awesome. We wrote something almost identical to `age` internally at Latacora that has some features `age` doesn't have (encrypting optionally to KMS keys, and managing encrypted DMGs), and I'm going to kill that tool off and add those features to a local fork of `age` instead.

You'll be happy to know that the spec [0] existed even before the tool, and that there are already two implementations developed from the spec [1]!

[0] https://age-encryption.org/v1

[1] https://github.com/str4d/rage

Thank you, that's all my original comment was about. If the spec exists, I can for example write a client that works with it under a different license/language.
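The spec-first interoperability the last two comments describe is what makes an independent client possible. As an added example (not code from this thread, from age, or from rage), here is a strict parser for the textual header of a v1 file, written from the layout in the linked spec; the sample header bytes are constructed for the test and are not real key material or a real MAC.

```python
"""Strict parser for the header of an age-encryption.org/v1 file. Layout per
the linked v1 spec: version line, one or more "-> type args..." stanzas whose
unpadded-base64 body is wrapped at 64 chars (last line shorter), "--- <mac>"."""
import base64

VERSION_LINE = b"age-encryption.org/v1"


def unpadded_b64(s: str) -> bytes:
    # age uses unpadded standard base64: reject padding, re-add it to decode.
    if "=" in s:
        raise ValueError(f"padded base64: {s!r}")
    return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)


def parse_header(data: bytes):
    """Return (stanzas, mac, payload); any malformed input raises ValueError."""
    lines = data.split(b"\n")
    if lines[0] != VERSION_LINE:
        raise ValueError("not an age v1 file")
    i, stanzas = 1, []
    while i < len(lines) and lines[i].startswith(b"-> "):
        fields = lines[i][3:].decode("ascii").split(" ")
        i, body = i + 1, b""
        while True:  # a line shorter than 64 chars (maybe empty) ends the body
            if i >= len(lines):
                raise ValueError("truncated stanza body")
            line = lines[i].decode("ascii")
            if len(line) > 64:
                raise ValueError("stanza body line exceeds 64 chars")
            body, i = body + unpadded_b64(line), i + 1
            if len(line) < 64:
                break
        stanzas.append((fields[0], fields[1:], body))  # (type, args, body)
    if not stanzas:
        raise ValueError("no recipient stanzas")
    if i >= len(lines) or not lines[i].startswith(b"--- "):
        raise ValueError("missing header MAC line")
    mac = unpadded_b64(lines[i][4:].decode("ascii"))
    if len(mac) != 32:
        raise ValueError("header MAC must be 32 bytes")
    return stanzas, mac, b"\n".join(lines[i + 1:])


def encode_b64(b: bytes) -> str:
    return base64.b64encode(b).decode().rstrip("=")


# Constructed sample: structurally valid, but the values are not real keys/MAC.
SAMPLE = (VERSION_LINE + b"\n-> X25519 " + encode_b64(bytes(range(32, 64))).encode()
          + b"\n" + encode_b64(bytes(range(32))).encode() + b"\n--- "
          + encode_b64(b"\x00" * 32).encode() + b"\n\x00\x01payload")
```

The parser stops at the header; verifying the MAC and unwrapping the file key need the recipient's private key and the KDF steps the spec defines, which are out of scope here.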