@delta those are important users to get along though. They're the people everyone else asks for if a tool is good.
@wmd @delta I don't understand why combining delta with Thunderbird (a client mostly for cleartext mail), or importing some cryptographic key is required to value delta's architectures. Do you hack a different cryptographic key into your signal database, and otherwise don't feel confident to recommend it?
Edited 1d ago
@hpk @delta I think as mailclients go, thunderbird is one that gets combined most with pgp?
Some people value their trust chains and have very well checked keys, or they want to generate their custom key. Because you can, you get "closer to the metal". Signal doesn't offer it, so it might be a loss or just not considered. That deltachat uses pgp invites people to think im their typical pgo ways/workflows. π€·πΌββοΈ
@wmd @hpk one of the biggest problems with pgp has traditionally been the high flexibility in hash algorithms, key types, key structures etc.
modern cryptographic systems like signal don't allow such flexibility, and delta also doesn't https://delta.chat/en/help#importkey
It's part of the reason why delta pretty persistently is not vulnerable against the many successful attacks against pgp implementations like gpg.
@wmd @hpk we are aware of the confusion (it was the whole point of the top level post after all) and doing our best to explain things, and the history of decisions. You seemed to suggest we should make sure to accommodate gpg and Thunderbird users because they are key multipliers, but frankly, we don't think the current state of these tools provides good examples or guidance for secure group messaging ala signal.
Edited 23h ago
@delta @hpk 1) I was part explaining as hpk said they didn't understand. 2) I don't think you need to facilitate thunderbird+gpg users, just that as deltachat is advertised a lot as being based on mail+pgp, it's good to be aware there is a key audience that can get confused by it.
If you tell me something is based on ssh, but I can't do the usual ssh features/flow I'll also be confused if not frustrated. π€·πΌββοΈ
@wmd @hpk we are not advertising mail+pgp in the app, and also not in the web site or app stores of today. It's true that until April 2024 we emphasized mail+pgp more towards users and that's probably the background you remember and argue from. Today, we use email and openpgp for interoperability, and to benefit from a massive ecosystem of software and established understandings and code. But the goal is that users can stay pretty unaware about these underpinnings.