Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can send encrypted email. That's how email already works.

You can also send encrypted messages over any other medium. You don't need the messenger app to encrypt your messages for you.

One of the common arguments that PGP is bad is that it's "inevitable" that someone will send a message in cleartext, defeating the whole purpose of encrypting your messages. I don't understand this. The fact that this is possible to do is obviously an artifact of the idea that the user should be unable to tell whether the messages they send and receive are encrypted or not. Do the encryption and decryption yourself, and this is not a mistake it's possible to make. Don't confuse the encryption, which is something you do, with the delivery, which is something the channel does. The point of encryption is that the channel can't be trusted!



You can encrypt the email content with PGP or Age, sure. However, metadata such as the Subject line, sender and receiver are in plaintext. Lavabit fixed this, but requires money. You can use i2p tools to fix this too.


The subject line is content set by the user. What are you thinking of?


Regular encrypted email relies on a certificate authority


S/MIME does. PGP doesn’t (but only serves part of S/MIME’s purpose). That said, email does rely on a central authority—DNS.


DNS isn't a central authority. Everyone selects their own DNS server. It can say whatever it wants.

This is a rare case where it's centralized in practice and yet the option to do your own thing hasn't been removed from the relevant software.


If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication. You’re just arguing a pretty pointless technicality.


> If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication.

Why? It can easily be the case that that traffic is observable by outside parties. You'd still need to encrypt your communication.

Connecting to the DNS server "securely" doesn't really get you anything except some DOS resistance.


DNS already supports encryption on the protocol level. And even if you can’t use DOH/DOT, you can use PGP or age or whatever in your clear text too.

  $ dig +short @<trusted_server> TXT <encrypted_content>.
  <encrypted_content_back>


In practice yes, but it's good to know the smtp rfc does support domain literals, ie user@IP.


pgp or gpg relies on you dealing with the keys.


What?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: