[brians]

You don’t. But you don’t with PGP either: bad crypto primitive defaults, no header protection including From or Subject or Reply-to, bad typical UI showing up authenticated text/plain in with authenticated parts.

The case where I still use PGP is receiving reports of bugs from unaffiliated researchers, and I should replace it with a form on an HTTPS web site.

[upofadown]

>no header protection including From or Subject or Reply-to

This is email, not IM we are talking about. There is no good way to do that without a lot of added complexity and hassle once the email ends up in your archive.

>bad crypto primitive defaults

If you mean forward secrecy then see the proceeding comment.

[UncleMeat]

Its not forward secrecy. Its literally that the default ciphers and modes for PGP are a mess and it is so configurable that it is full of footguns.

[kjs3]

I'm missing the email header issues, unless I'm trusting PGP public keys without any thought. If someone forges an email to me, has a PGP encrypted message in it, it doesn't validly decrypt unless my crypto discipline is already so lax I'm going to have issues with any system.