by schoen
431 days ago
Signal was partly created with the use case in mind of political activists who may know each other informally, through loose social ties, and who might not always even know each other's offline identities. It's also great for secure conversations among small groups of family and friends. It seems right to me that the story of how to use Signal for professional collaboration within an organization is underspecified and underexplored. In other government (and some corporate) contexts there's historically a centralized PKI and centralized IT management, but Signal hasn't embraced that because you shouldn't have to trust anybody as an intermediary, and you should be able to communicate securely with anyone you choose. I think those are the right ideals for humanity-in-general, but if you happen to be the actual government you probably can trust some parts of the government to help set up your communications security. The resulting top-down security plan may never mesh well with Signal's design, though. Imagine trying to convince the Signal developers that users should be able to opt in to trust a PKI (and maybe even opt out of trusting contacts outside of that PKI!). That would probably be a terrible decision for most Signal users, but probably a pretty appropriate decision for some government Signal users!