About document signing

[kaoD]

Hi!

I love cryptography so this is kinda my area of interest. Just to add to
solderpunk's great reply: modern TLS with DH also adds forward secrecy,
which is a very desirable property that GPG lacks.

Inline on freD's message:

I must confess that TLS is a big issue for me.
I don't really trust TLS as company/states nowdays use TLS interception and
we should consider TLS as broken.


Can you elaborate? What is TLS interception and how does it make TLS broken?

Really secure application are now using end-to-end encryption at
application level (protonmail, etc.).


AFAIK Protonmail uses both: TLS for in-transit crypto (communication with
Protonmail servers) and GPG for at-rest crypto (the actual mail contents).

As a reminder: TLS is end-to-end encrypted!

In summary: TLS and GPG solve different problems and they can be used
alongside. (Also: GPG is a nightmare and there are better alternatives[0],
but that's another story).

Cheers,
kaoD

[0] https://www.cryptologie.net/article/502/alternatives-to-pgp/,
discussion in Reddit
https://www.reddit.com/r/crypto/comments/ggvl2h/alternatives_to_pgp/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20200518/367bbf25/attachment.htm>