Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Emails aren't encrypted, because there is no good way to manage trust between users at this point. PGP exists, but it's key management sucks in many ways. But look at a lot of large corporations where the trust can be bound to one service and encryption will be just one click away. S/MIME is a widely adopted standard (https://en.wikipedia.org/wiki/S/MIME) in email and works well.


There's no good way to manage trust between users because the services have to be interoperable. Look at messaging services like Telegram or Signal; end-to-end encryption is easy because they're single entities who decide how all messages are sent and received on their platforms.


I don't think communication services themselves have to be interpretable to manage trust correctly. See PGP used in email, git, package signing, etc. - completely unrelated actions, same trust network.

"How all messages are sent" and "who signed the message" are mostly separate issues. See for example https://en.wikipedia.org/wiki/Off-the-Record_Messaging which works on pretty much any messaging app/network.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: