by excel2flow 4033 days ago
Btw, does PGP support triple wrapping to prevent surreptitious forwarding? (S/MIME does - https://www.ietf.org/rfc/rfc2634.txt)

I really don't understand why it has been chosen over S/MIME. Maybe they gave the money to that German guy who wrote it and now they don't want it to be completely wasted :)

2 comments

S/MIME has very little adoption - the kind of people who care about encrypting their email are usually the same kind of people who don't trust the CA system.
Also US medical data exchange is built on S/MIME: http://www.directtrust.org/
Probably it's "S/MIME has very little adoption, outside of the corporate / enterprise market.."

Getting keys signed by a CA is just as bad as (or even worse than -- you have to generate and then have that key signed by a CA) generating a key on the OpenPGP scheme, and then there's the issue of cost. (Although I've seen some free ones out there.)

No, it's not. WoSign, StartSSL and iirc Comodo create the private key in your browser. This functionality has afaik been around since Netscape's first SSL-enabled browser and was originally intended for client-side certificates. Today it's implemented using the <keygen> tag [0].

This usually means that you press a button in your browser, the browser generates the public+private key, stores them in your Keychain (OSX for example), sends the public key to the CA and the CA mails you the certificate.

It's really done in seconds and for Mail.app or iOS mail you just need to enable S/MIME and sign/encrypt. There are many tutorials out there for various MUAs. Except for Android, nearly every popular MUA can speak S/MIME including Outlook, Thunderbird… [1] and many tutorials are out there [2].

[0] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/ke...

[1] https://gist.github.com/rmoriz/5945400#file-1_smime-clients-...

[2] http://kb.mozillazine.org/Getting_an_SMIME_certificate

Despite his German sounding name, I can assure you that Phil Zimmermann, the creator of PGP, is very much an American.
Yes, thanks for the correction.
He meant Werner Koch, the guy who is maintaining gnupg. A few months ago, he asked again for donations; this time he got "good media exposure" and got funded. cf https://news.ycombinator.com/item?id=9011138

Facebook pledged to donate $50,000 a year to Koch’s project.

Uuups, my bad.

Thanks for the corrections.