One thing that is currently missing from E2E (as far as I can tell having played... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mikekchar on Aug 26, 2015 \| parent \| context \| favorite \| on: How to support PGP encryption in Gmail One thing that is currently missing from E2E (as far as I can tell having played with it a little in the last month) is any kind of web of trust. When I import a key, I can't tell if it has been signed by me or someone I trust. Is this on the radar for the UI after the Keyring reimplementation is finished? At the moment, what we've suggested at our work is that people manage keys in GPG and then only export keys into E2E if they trust them. But it would be nice be able to do those kinds of things in E2E (or at least be able to tell if a key was signed by me). BTW, thanks for working on this!

koto1sa on Aug 26, 2015 [–]

See https://github.com/google/end-to-end/wiki/Key-Distribution. In short, we don't invest much into WoT.

timboslice on Aug 26, 2015 | [–]

After giving that a read, I'm happy that there are people way smarter than me working on these problems. Kudos to your efforts!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact