The site does not use HTTPS (TLS) so that public key is completely useless. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		vasilakisfil on Feb 13, 2017 \| parent \| context \| favorite \| on: Encrypted email is still a pain The site does not use HTTPS (TLS) so that public key is completely useless.

jwilk on Feb 13, 2017 [–]

What is your threat model?

Is a TLA going to MITM all connections to incoherency.co.uk in order to read OpenGPG-encrypted mails? That's not very realistic.

I'm not saying that the way the key is being distributed is perfect, but I wouldn't say it's "completely useless".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact