undefined | Better HN

0 pointsmtgx12y ago0 comments

I'm not sure how you plan on doing it, but I think you should tie everyone's public keys to their names/id's. So let's say you know someone who uses Mailpile. You shouldn't have to ask him what's his key. You should just "enable PGP" (if it's not default, though maybe it should be), and he should just get the e-mail.

So try to do the key management as automatic and "out of the way" for users as possible. That's the biggest hurdle with using PGP right now.

0 comments

3 comments · 2 top-level

chongli12y ago· 1 in thread

But that just defeats the whole purpose of PGP. If you don't even know where the key is coming from, how do you know it's secure?

amenod12y ago

Easy: http://www.xkcd.com/1181/ :)

icebraining12y ago

That's how PGP itself works - you have keyservers, to which the keys can be submitted and then other people can query it using the person's name and/or email.

The problem is, of course, ensuring the key is correct, and not some hijacker's.

j / k navigate · click thread line to collapse