Quick question for the infosec community: what email encryption standard do you recommend in 2026?

I have been comparing X25519 (Curve25519) vs RSA for key exchange. X25519 is ~500x faster for key generation with 32-byte keys vs 256+ for RSA.

Anyone using ECIES pattern (X25519 + HKDF + AES-256-GCM) in production?

#infosec #encryption #email #privacy
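
The pattern named in the post above (X25519 + HKDF + AES-256-GCM), as an added example that is not part of the thread, written against Node's built-in `crypto` module. The wire layout, the `INFO` label and the function names are assumptions made for this example; it encrypts to the recipient's key only and does not authenticate the sender.

```javascript
// Added example, not from the thread. Wire format (constructed for this sketch):
//   ephemeral X25519 public key (32) | GCM nonce (12) | GCM tag (16) | ciphertext
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync,
        randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const INFO = Buffer.from('example-ecies-v1'); // hypothetical context label

// Raw 32-byte form of an X25519 public KeyObject (taken from its JWK export).
const rawPub = (key) => Buffer.from(key.export({ format: 'jwk' }).x, 'base64url');

// ECDH, then HKDF-SHA256. Both public keys go into the salt so the AES key
// is bound to this exact ephemeral/recipient key pair.
function deriveKey(privateKey, publicKey, ephRaw, rcptRaw) {
  const shared = diffieHellman({ privateKey, publicKey });
  const salt = Buffer.concat([ephRaw, rcptRaw]);
  return Buffer.from(hkdfSync('sha256', shared, salt, INFO, 32));
}

function eciesEncrypt(recipientPub, plaintext) {
  const eph = generateKeyPairSync('x25519'); // fresh key pair per message
  const ephRaw = rawPub(eph.publicKey);
  const key = deriveKey(eph.privateKey, recipientPub, ephRaw, rawPub(recipientPub));
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(ephRaw); // authenticate the header as well as the body
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([ephRaw, nonce, cipher.getAuthTag(), ct]);
}

function eciesDecrypt(recipient, msg) {
  if (msg.length < 60) throw new Error('message too short');
  const ephRaw = msg.subarray(0, 32);
  const ephPub = createPublicKey({ format: 'jwk',
    key: { kty: 'OKP', crv: 'X25519', x: ephRaw.toString('base64url') } });
  const key = deriveKey(recipient.privateKey, ephPub, ephRaw, rawPub(recipient.publicKey));
  const decipher = createDecipheriv('aes-256-gcm', key, msg.subarray(32, 44));
  decipher.setAAD(ephRaw);
  decipher.setAuthTag(msg.subarray(44, 60));
  // final() throws if the tag does not verify (tampering or wrong key).
  return Buffer.concat([decipher.update(msg.subarray(60)), decipher.final()]);
}
```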

@bobbricoleur For email encryption standards, it is PGP or S/MIME. Generally you only do the key generation once. A 2048-bit RSA key takes only a second or two to generate these days.

@upofadown Great question. I think aliases are a band-aid — you still have one root identity that can be correlated.

Full pseudonymous is better in theory but breaks the trust model. If I receive a signed contract from a pseudonym, what's it worth legally?

My take: the handle should be verifiable (like a domain) but the data behind it should be encrypted so even the provider can't correlate. Separate the identity layer from the content layer.

Something like: public handle for trust + E2E encryption for privacy. You get both without sacrificing either.

How did you solve the trust problem in your journal app?