FAQ: Technical Questions & Answers

Why do I need PGP? Isn't TLS/SSL enough?

PGP is P2P and decentralized.

TLS/SSL itself is generally secure. But on the Internet it depends on public DNS and on Certificate Authorities. Both kinds of centralized servers are prime targets, and it only takes one CA to fail.

Worse, some ISPs and organizations sabotage TLS/SSL directly.

You can exchange TLS public keys in some other way, and pin the keys. These are promising approaches, and GoodCrypto may use them.

DNSSEC may help some, but it is still very dependent on DNS and not yet widely trusted.

Many mail servers don't encrypt at all. Especially in large organizations, mail may go through multiple servers. You can't force intermediate mail servers to encrypt. SMTP doesn't require it. So there's no guarantee that messages between mail servers are encrypted.
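As an added illustration of that hop-by-hop point (example code written for this FAQ, not part of GoodCrypto): each receiving mail server writes its own `Received:` header, and the `with` keyword in it (ESMTPS or ESMTPSA per RFC 3848) records whether that single hop used STARTTLS. The header block below is constructed, and the hop names are made up; the audit only shows what the servers chose to record, which is exactly why it cannot guarantee anything end to end.

```python
import re

# Constructed sample header block (not a real message): three hops,
# the middle one plain ESMTP with no TLS.
SAMPLE_HEADERS = """\
Received: from mx3.example.net (mx3.example.net [192.0.2.30])
\tby mail.example.org with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from relay2.example.net (relay2.example.net [192.0.2.20])
\tby mx3.example.net with ESMTP id def456;
\tMon, 1 Jan 2024 10:00:01 +0000
Received: from client.example.com (client.example.com [198.51.100.5])
\tby relay2.example.net with ESMTPSA id ghi789;
\tMon, 1 Jan 2024 10:00:00 +0000
From: alice@example.com
To: bob@example.org
Subject: test
"""

# RFC 3848 "with" protocol names that mean STARTTLS was negotiated on that hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA"}

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.IGNORECASE | re.DOTALL)


def unfold_headers(raw):
    """Join RFC 5322 folded continuation lines; stop at the blank line ending the headers."""
    lines = []
    for line in raw.splitlines():
        if not line.strip():
            break
        if line[:1] in " \t" and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def audit_hops(raw):
    """Return one record per Received: header (newest hop first) with an 'encrypted' flag."""
    hops = []
    for line in unfold_headers(raw):
        name, _, value = line.partition(":")
        if name.strip().lower() != "received":
            continue
        m = HOP_RE.search(value)
        proto = m.group(3).upper() if m else None  # no "with" clause: treat as unknown, not encrypted
        hops.append({"from": m.group(1) if m else None, "by": m.group(2) if m else None,
                     "with": proto, "encrypted": proto in TLS_PROTOCOLS})
    return hops


def all_hops_encrypted(raw):
    """True only if every recorded hop claims TLS; a single plain hop breaks the chain."""
    hops = audit_hops(raw)
    return bool(hops) and all(h["encrypted"] for h in hops)
```

Any server in the path can omit or forge its Received: line, so this audit is a diagnostic for mail you receive, not a guarantee; that gap is what end-to-end encryption closes.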

PGP is end-to-end, from domain to domain or user to user, and decentralized.

The GoodCrypto mail server handles everything for you transparently. You are less vulnerable to TLS attacks, and you don't need cooperation from intermediate mail servers.