
The reality of the situation is that you can't remove the human factor from security. So someone copying your email to someone else is a human problem that can't be fixed - someone could just as easily photograph the screen.

The reality is email will continue to be used, and there is a use case for being able to send an email securely to another person.

EFail was pretty bad, but only affected HTML email.

Having a modicum of backwards compatibility is how to encourage transitioning to new tech, so the RSA implementation makes sense.

I must say this is the first decent alternative I've seen for GPG instead of rants about Signal and specialised tooling that just ignore the issue that folks want to be able to send secure emails to each other.



I would love to see a sound implementation of secure e-mail, but I also believe that such a system should not be built on top of SMTP.

Signal’s cryptography seems stellar, but to me it feels a bit weird to use instant messaging as a full replacement for electronic letters. I’m guessing here, but it would probably not be impossible to build a more traditional e-mail client on top of the Signal Protocol.


I don't see why this should not be possible.

Isn't this mainly about adding a subject metadata field and a client that just displays messages differently, enables sorting into directories and so on?

Is there a real technical difference between messaging and long form emails that I don't see?


Email is based on open, federated protocols. Every successful instant messaging service (sorry XMPP) has been a single closed provider.


Replacing email with a separate 'secure email' system would probably work, at least until idiots write awful implementations of the secure-email protocols.



