| ▲ | marysol5 2 hours ago | |
I used to always use GPG, had my keys listed on keybase, which cross references my social media and websites to validate they're me. And there already is the first problem, how do you get and trust a public key? Key servers are chock full of fake keys. Just search Linus Torvalds on there... But even then, the sheer amount of people who'd complain and wonder what the block of base64 data was at the bottom of the e-mail, or the strange attachments I'd have (including signing other attachments) was too much to have to deal with. For the once in a million people who ever looked at key signing... | ||
| ▲ | zikduruqe 2 hours ago | parent [-] | |
I use GnuPG daily and mandate that everyone in our organization do the same. As part of the onboarding process, I have a doc explaining how to install GnuPG, generate keys and how to share their public key in a specific place in our network. Once you force people to do it, it is not terrible once they get the hang of it. | ||