mallory / e2ee

key distro bias #27

Open mallory opened 1 year ago

mallory commented 1 year ago

The document seems biased towards various cryptographic mechanisms and protocols, such as OpenPGP, when equally functional ones are available. It is littered with questionable statements. It seems to assume e2ee is always public key based; while that is common, a definition should cover the case where secret keys are securely distributed by, for example, human couriers.

I should certainly want to include other forms of secure key distribution, so have added this as an issue to our queue. But also I think it's an open question whether we want to consider key generation by a third party as strict e2ee. It might be worth having someone more familiar with those systems than me consider what the possible vulnerabilities of this architecture are.

claucece commented 1 year ago

I think that could be fair. As public key distribution is the most used one, I think we can note it but also note that other mechanisms to distribute keys are available.