|
|
|
|
|
|
by bigiain
2010 days ago
|
|
|
> Signal isn't just more convenient; it's also more secure than your PGP encrypted emails. Sure, but person to person email is not the only or even primary (for me) use case for GPG/PGP encryption. The second line of the linked article says: " ... and a program to verify detached signatures geared towards software distribution systems called sqv." - a use case for which Signal is completely useless. Signal is great for what it does, so long as you're prepared to accept it's current "needs to use real phone numbers and spams your Signal signup to everyone with your phone number in their contact list" behaviour. But keep in mind those are thew tradeoffs it's making for key distribution (and not everybody considers them to be "the right" tradeoffs). PGP/GPG ket distribution is a complete mess, which is why it's such a poor thing for cold-call person to person encrypted messages (even ignoring all the unencrypted metadata issues), BUT there's no way for me to use Signal in a bunch of scripts mailing database backups from servers, or to send intrusion detection notification emails, or to verify software repo downloads. Those are all areas where PGPs key distribution nightmare are not problems, and where PGP's "old school" long lasting keys are less of a problem. And there's _lots_ of those kinds of things in the world using PGP right now. new clean PGP implementations are a good thing for those - even though I'm not about to get all 1994 again and start emailing my friends using PGP... |
|
|