Idiomdrottning’s homepage

Age for email

I’ve had a couple of different people ask to use age for email, and Emacs can handle that just fine, so I’ve acquiesced. I haven’t settled on a permanent key yet but here is one I’ve been using:

public key: age1p0r26arafja3ehq4kn5mrsh5fjw5mnp6jnde35hs4yq3z9l7tuyqcmjtmu

However, PGP has better tooling for automatic encryption and for key exchange (WKD and Autocrypt). It’s just something the email ecosystem has better adapted to.

Another thing that really sucks about age compared to PGP is that if I encrypt and send something to someone, I can’t then read it myself. If I wanna remember what the heck I’m even writing, I need to save a copy first.

For email, age has all the same drawbacks of PGP:

Age is a good tool for encrypting your backups and your own secret local text files, especially compared to a specific version of PGP called GPG:

Those drawbacks aren’t universal to all PGP implementations, though.

I don’t think it’s worthwhile to use for email.

I prefer PGP. Here is my key.

PGP is probably not the be-all, end-all either. I love email, I want email as a protocol to last forever, it’s the only platform that has managed to be fully federated with a world-writable inbox and a robust set of spam-fighting tools, and with SSL, DKIM, DMARC it has seen great strides, and if email can get better e2ee than PGP that’d be something I’d love; age isn’t it.

The age devs don’t wanna use age for email either, not because it can’t be done (as they point out in their thread, there’s an -a option to make it work) but because they are opposed to email security.🤦🏻‍♀️

Out of scope: Anything about emails (which are a fundamentally unsecurable medium)

Not really into the idea that we shouldn’t harm reduce email, that we should just give up on it etc. That’s not what I want.