
Signing isn't encryption.

If someone else has the key, it's not safe encryption. It's only as safe as the entities holding the keys. Do we know that they won't sell? Be forced? What happens if they get hacked?

Now it's not your security you have to monitor, but theirs. And you can't control theirs.



Isn't that the same argument for the receiver of a PGP email? How do you know they won't sell your email, be forced to, or have memory-stealing malware on their machine reading all emails?


The receiver is first party, the rest are third-party. Intentions and roles are different.

Anyway, your argument could be extended to any E2EE protocol...

And why do we still use encryption? Because we usually trust the receiver and also the receiver can suffer from the leak of the message.



