Just out of curiosity: who here regularly uses pgp to sign and encrypt emails in their day-to-day correspondence?
Also, why hasn't it just been incorporated in the standard a long time ago? Is it maybe because it would make filtering out spam that much harder?

@gabor These are all good questions. I think some of the reasons PGP hasn't taken off are that PKI can be hard to understand and set up, many popular mail clients don't support it natively, messages that use PGP are ugly and cumbersome to work with, using PGP makes the sender look geeky, and most people don't care as much about privacy as they should.

Apps that make crypto easy, such as Signal, are easier to adopt. I think there's scope for a more Signal-like PGP-capable email experience.

@gabor I use Signal and ProtonMail, and since I don't sign git commits I don't believe I need PGP.

@gabor I do not. I guess I just haven’t bothered because outside of work, the frequency by which I’m using email to communicate is going down. Even for those times when I do use email to communicate, my recipients don’t really know or care about email encryption or signing.

@gabor Setting up keys is a pain. Refreshing keys is a pain. Expiring subkeys are a pain. Leaking keys is a pain. Finding keys of others is a pain.

In my work correspondence, I'm regularly seeing people ask to update their keys, and I can't be bothered to fiddle with gpg imports every month.

I also regularly see technically inclined people make multiple attempts to fix their keys.

I never bothered to find out how or where to put my key in public.

I think client support falls victim to the chicken-and-egg problem, coming from the above issues.

But maybe can fix issues.

@gabor support could help spam: either be signed by a trusted party, or be encrypted specifically for me. Sadly, this won't work until ~everyone adopts PGP.

I think the big email providers/advertising platforms are not eager to give up the ability to read your emails though.

@gabor most people don't need that kinda secrecy. those who do will request it be made as the default arrangement.
