|
|
|
|
|
|
by smoldesu
1754 days ago
|
|
|
> But the biggest problem with PGP is how difficult it is for people to use simply. "It’s a real pain," says Green. "There’s key management – you have to use it in your existing email client, and then you have to download keys, and then there’s this whole third issue of making sure they’re the right keys." How is this PGP's fault? The computing world has had 24 years to catch up with the standard, and frankly it does everything listed here out of the box on Linux. Microsoft, Apple and Google have all been dragging their feet in the sand when it comes to actually implementing it, so the onus really falls on them as far as I can tell. PGP is still Pretty Good Privacy: not perfect by any means, but a considerable step up from plaintext. Maybe there are credible threats to it's security, but most people reading this will probably be dead before it's implemented. |
|
|
If you use Thunderbird as your email client, then it will download the right keys for you automatically.[0]
Actually it's two clicks to use the WKD support to download the key (assuming your correspondent's email provider supports that, as ProtonMail does[1]) or the keys are already downloaded if they are included as an attachment or as a header (which is the case if your correspondent is using a client that supports Autocrypt[2]).
As with other E2E encrypted systems, you should check these keys(' fingerprints) out of band, otherwise your security only follows the TOFU model, but this is still a huge improvement over non-PGP email and doesn't require any special understanding of cryptography.
[0] https://support.mozilla.org/en-US/kb/openpgp-thunderbird-how...
[1] https://protonmail.com/blog/security-updates-2019/
[2] https://autocrypt.org/