[Cryptography] What ever happened to end-to-end email encryption?

[Bill Frantz]

Note that Phil can be justly proud of the WebPKI he worked on. 
It has definitely met it's most important design goal: Getting 
people to risk their credit card numbers online to make 
e=commerce transactions. Now, of course, I have objections to 
some features of WebPKI which I have discussed with Phil over 
the years, but WebPKI is "good enough" which is enough.

I am also glad he has at least a chance of getting the Mesh adopted.

On 8/23/21 at 1:16 AM, phill at hallambaker.com (Phillip 
Hallam-Baker) wrote:

>The realization I came to was that the only way that you can make broad
>scale PKI work is on a direct trust model. This is what PGP has degenerated
>into. Nobody really uses the Web o Trust, it is the fingerprints that
>matter.

My one use of the Web of Trust (WoT) was interesting. I had a 
company confidential document I wanted to work on from home. I 
wanted to encrypt it and send it to myself via email.

But, I didn't have my PGP key at the office. I didn't even have 
its fingerprint.

But Carl Ellison has signed my key, and I had Carl's key's 
fingerprint on his business card. I thought about it for a 
moment, and decided I trusted that Carl had signed my key, and 
not some interloper's key.

So I downloaded "my" key from the KeyServer, checked the 
signature, and used it.

Cheers - Bill

----------------------------------------------------
Bill Frantz        | Art is how we decorate space,
408-348-7900       | music is how we decorate time.
www.pwpconsult.com |          -Jean-Michel Basquiat