undefined | Better HN

0 pointslrvick1mo ago0 comments

Self-sovereign PKI identity, key discovery, file encryption, artifact, code, review signing, security disclosures, boot signing etc etc.

0 comments

4 comments · 2 top-level

growse1mo ago· 2 in thread

Who's reinventing a tool that can do all that?

No one. The influencers are simply telling you you're wrong if you think you need that.

Which is the thing, we do need a single key that can be used for all those things. So we get PGP.

growse1mo ago

> No one.

I thought everyone was "trying so hard to re-invent PGP".

> we do need a single key that can be used for all those things

We do? This is not obvious. Why does my disk encryption key need to be the same that I use to sign binaries that I release?

Don't forget authentication! Been using pgp keys on smart cards as ssh keys for ages.

j / k navigate · click thread line to collapse