
> Yet it is the most stable, the most open, the most proven, and the most supported PKI technology, supporting both encryption and signatures.

You're completely ignoring the CA system used for TLS. In the niche segment of encrypted/signed email, S/MIME sees an order of magnitude or two more use than PGP. Even DNSSEC, for all its issues, is probably more used than PGP.



The other really obvious comparison is Signal, which secures more messages in a week than PGP/GPG has in its entire lifespan.

I hate to have to point this out, but in the spirit of technical correctness: as bad as PGP is, it would still be a pretty big deal if it was totally broken (like, at the core, rather than its email use case, which Efail did catastrophically break). People would have to do things in response. But I maintain that if DNSSEC had a comparable failure, nobody would even need to be paged; literally nothing important meaningfully relies on it. It's almost perfectly performative.


Signal is controlled by one entity and supports 3.5 of the biggest platforms and does not provide libraries for third-party code.

Most people who use Signal are getting a closed-source binary.

I don’t see how it can even be compared to pgp.


I don't see them as meaningful competitors either, but not for the reasons you're giving.


CA is centralized and suffers from all the drawbacks of being such, including but not limited to censorship, lack of privacy, and centralization itself.

I don’t understand how it can even be seen as an alternative to something like pgp.


It's a PKI system, and by far the most widely used PKI system at that. Calling PGP "the most proven, and most supported PKI technology" is just simply not factual. You may not like it, but that is no reason to disregard understanding why it is so successful and something like PGP languishes with basically no usage in comparison.

(As a rough estimate, there's something like 10,000-100,000 PGP users.)


Could you please explain how you came up with your estimate?

I’m pretty sure I’ve met that many pgp users without leaving my little corner of the world, which is not sv


The size of the keyrings of global PGP servers is knowable. I don't have a link to the analysis from which I draw the numbers, but the summary is about 100k PGP keys. Take into account unusable keys and duplicates, and some number in the (probably high) tens of thousands is a reasonable estimate for PGP users.

In terms of anecdata, the only people I've known to have used PGP were the ones working on supporting it in the email client; I've seen more evidence of S/MIME email than PGP, and even that is extremely thin on the ground.
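The estimate above (raw key count, minus duplicates and unusable keys) can be reproduced over a keyring listing. This is an added example, not code from anyone in the thread: it parses the machine-readable `gpg --list-keys --with-colons` format (field positions per GnuPG's doc/DETAILS), deduplicates by fingerprint, and drops revoked, expired or otherwise invalid keys. The listing and the fixed "now" timestamp are constructed for the example; it only handles epoch-second dates, not the ISO form newer GnuPG versions may emit.

```python
"""Count distinct, usable keys in a gpg colon-delimited key listing."""
from dataclasses import dataclass
from typing import Optional

# Fixed reference time (2023-01-01T00:00:00Z) so the example is deterministic.
NOW = 1672531200

# Constructed sample: six pub records. Alice appears twice (duplicate import),
# Bob is flagged expired, Carol revoked, Dave's expiry timestamp is in the
# past even though the validity field was never refreshed, Eve is usable.
SAMPLE_LISTING = """\
pub:-:4096:1:AAAAAAAAAAAAAAA1:1500000000:0::-:::scESC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1500000000::HASH::Alice <alice@example.test>::::::::::0:
pub:e:2048:1:AAAAAAAAAAAAAAA2:1400000000:1600000000::-:::scESC::::::23::0:
fpr:::::::::2222222222222222222222222222222222222222:
uid:e::::1400000000::HASH::Bob <bob@example.test>::::::::::0:
pub:r:2048:1:AAAAAAAAAAAAAAA3:1450000000:0::-:::scESC::::::23::0:
fpr:::::::::3333333333333333333333333333333333333333:
uid:r::::1450000000::HASH::Carol <carol@example.test>::::::::::0:
pub:-:4096:1:AAAAAAAAAAAAAAA1:1500000000:0::-:::scESC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1500000000::HASH::Alice <alice@example.test>::::::::::0:
pub:-:255:22:AAAAAAAAAAAAAAA4:1650000000:1660000000::-:::scESC::::::23::0:
fpr:::::::::4444444444444444444444444444444444444444:
uid:-::::1650000000::HASH::Dave <dave@example.test>::::::::::0:
pub:-:255:22:AAAAAAAAAAAAAAA5:1660000000:1700000000::-:::scESC::::::23::0:
fpr:::::::::5555555555555555555555555555555555555555:
uid:-::::1660000000::HASH::Eve <eve@example.test>::::::::::0:
"""

# Validity codes that make a key unusable: revoked, expired, invalid, disabled.
UNUSABLE_VALIDITY = {"r", "e", "i", "d"}


@dataclass(frozen=True)
class Key:
    fingerprint: str
    validity: str
    expires: Optional[int]  # epoch seconds, None = never expires


def parse_colon_listing(text: str) -> list[Key]:
    """Pair each `pub` record with the `fpr` record that follows it.

    Subkey (`sub`) fingerprints are ignored: only primary keys are counted.
    """
    keys: list[Key] = []
    pending = None
    for line in text.splitlines():
        fields = line.split(":")
        rec = fields[0]
        if rec == "pub":
            exp = fields[6]
            pending = (fields[1], int(exp) if exp and exp != "0" else None)
        elif rec == "sub":
            pending = None
        elif rec == "fpr" and pending is not None:
            validity, expires = pending
            keys.append(Key(fields[9], validity, expires))
            pending = None
    return keys


def is_usable(key: Key, now: int = NOW) -> bool:
    """A key is usable if not flagged unusable and not past its expiry time."""
    if key.validity in UNUSABLE_VALIDITY:
        return False
    return key.expires is None or key.expires > now


def estimate_users(text: str, now: int = NOW) -> dict[str, int]:
    """Return raw record count, distinct fingerprints, and distinct usable keys."""
    keys = parse_colon_listing(text)
    distinct = {k.fingerprint for k in keys}
    usable = {k.fingerprint for k in keys if is_usable(k, now)}
    return {"raw": len(keys), "distinct": len(distinct), "usable": len(usable)}


if __name__ == "__main__":
    print(estimate_users(SAMPLE_LISTING))
```

Run against a real `gpg --list-keys --with-colons` dump, the same three numbers show how far the raw key count overstates live users; the thread's "(probably high) tens of thousands" is exactly the `usable` figure applied to the global keyserver set.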


FWIW, I use PGP daily and haven't touched a keyserver in a decade.



