It's true: the more technical background and pre-conceptions you have, the more more likely you run into trouble with #deltachat π
Don't think so much! π
@delta those are important users to get along though. They're the people everyone else asks for if a tool is good.
@wmd there are many computer people pretty happy with #deltachat ... who value precisely that they can use it with their families and friends easily, though.
With a lot of alternative software, the complaint is that it is only usable by specialists. We are pretty happy that in our case it is more the specialists who need to work harder and read the FAQ to understand that some lines of traditional thinking about eg email and pgp do not apply https://delta.chat/en/help
@wmd @delta I don't understand why combining delta with Thunderbird (a client mostly for cleartext mail), or importing some cryptographic key is required to value delta's architectures. Do you hack a different cryptographic key into your signal database, and otherwise don't feel confident to recommend it?
Edited 22h ago
@hpk @delta I think as mailclients go, thunderbird is one that gets combined most with pgp?
Some people value their trust chains and have very well checked keys, or they want to generate their custom key. Because you can, you get "closer to the metal". Signal doesn't offer it, so it might be a loss or just not considered. That deltachat uses pgp invites people to think im their typical pgo ways/workflows. π€·πΌββοΈ
@wmd @hpk one of the biggest problems with pgp has traditionally been the high flexibility in hash algorithms, key types, key structures etc.
modern cryptographic systems like signal don't allow such flexibility, and delta also doesn't https://delta.chat/en/help#importkey
It's part of the reason why delta pretty persistently is not vulnerable against the many successful attacks against pgp implementations like gpg.
@wmd @hpk we are aware of the confusion (it was the whole point of the top level post after all) and doing our best to explain things, and the history of decisions. You seemed to suggest we should make sure to accommodate gpg and Thunderbird users because they are key multipliers, but frankly, we don't think the current state of these tools provides good examples or guidance for secure group messaging ala signal.
Edited 22h ago
@delta @hpk 1) I was part explaining as hpk said they didn't understand. 2) I don't think you need to facilitate thunderbird+gpg users, just that as deltachat is advertised a lot as being based on mail+pgp, it's good to be aware there is a key audience that can get confused by it.
If you tell me something is based on ssh, but I can't do the usual ssh features/flow I'll also be confused if not frustrated. π€·πΌββοΈ
@wmd @hpk we are not advertising mail+pgp in the app, and also not in the web site or app stores of today. It's true that until April 2024 we emphasized mail+pgp more towards users and that's probably the background you remember and argue from. Today, we use email and openpgp for interoperability, and to benefit from a massive ecosystem of software and established understandings and code. But the goal is that users can stay pretty unaware about these underpinnings.