For example, one provider and client like proton mail only uses OpenPGP and apple mail client only supports s/mime. Why is that? Why can we not have Proton mail support both, end of the story. Ain’t it?
Microsoft wants GPG/PGP dead and if it isn’t in outlook, corporate won’t use it and if corporate don’t use it, there’s no business incentive for services either.
S/MIME is insecure, outdated, depreciated, and should be discontinued; yet people don’t want to adapt or grow or change.
Because some organizations do use S/MIME; all email software is required to implement it, that is if they want to be adopted and used by said influential organizations.
OpenPGP and PGP in general is secure but suffers from usability issues and is often wrongly painted as user-unfriendly. (it’s really no worse than S/MIME, installing and managing keys is exactly the same hassle as it is with S/MIME.) The main issue is that some people are too lazy or resistant to change to adapt to it.
it’s really no worse than S/MIME
That’s damning with faint praise if I ever heard it.
The biggest problem of OpenPGP is key management. The web of trust is fine but key rotation is an absolute nightmare. And I say this as someone who has been comfortable using it for 27 years.
Funny thing to me about this is that I’ve been using PGP since 1993. OpenPGP became an RFC standard in 2007.
S/MIME became an RFC standard in 1999. And that’s really the reason it has stuck around. It got an 8 year head start on OpenPGP, despite PGP itself being used in email as far back as 1991.
Most email clients I’ve used can work with either, but there’s no point in using both.
Email is like IRC, outdated and inherently insecure, and awesome and I still use it knowing that. It’s insane that everything started using email for real government and business shit to begin with. You can’t ‘secure’ it as it is, even with this endpipe cosigning crap. I say just avoid email for sensitive comms altogether, treat it like the public mailbox it is, like IRC
[edit: or this!]
