That's not the argument, it's that it's a bad design repeatedly shown to be show... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		pvg 56 days ago \| parent \| context \| favorite \| on: Spoofing OpenPGP.js signature verification That's not the argument, it's that it's a bad design repeatedly shown to be shown to be prone to serious vulnerabilities and it's silly to argue it's not a bad design at yet another such time. People have made serious arguments for all sorts of design problems in SSL/TLS.

deknos 56 days ago [–]

the design is not bad per se. pgp is just a bit outdated and needs an overhaul.

And cryptographic serialization is just difficult.

pvg 56 days ago | [–]

It's not resting, it's dead.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact