Do “good” solutions to things like E2EE, authentication actually exist?
The web seems like a clusterfuck of people arguing.
I found Signal Protocol and it seems to be the end-all, be-all answer to how to do encrypted messaging correctly. Anecdotes or discussions of small companies or users implementing solutions on top of the protocol appear to be nonexistent.
Virgil Security seems to be a recent entrant to providing a secure, CSAAS platform to enable developers to build secure applications. The only discussion of Virgil I could find online is on Reddit, and just a couple of guys arguing and throwing names back and forth. This seems to be the norm, not just for this company, but for discussions about crypto implementations in general.
As for authentication, everyone seems to be dead set on Auth0 in 2018, but their pricing model can be cost-prohibitive if you need certain features only available to Enterprise accounts. In my past, authentication was always taken seriously but never considered too difficult to build in-house. Something like Django with one of the many OAuth Python toolkits worked just fine. Now, it seems anywhere I read people say “don’t roll your own, it’s too easy to fuck up and you have to remember 100,000 different things to do it correctly.”
Am I letting the Internet cloud my judgement?
Is there a good, digestible answer to building stuff like this with limited technical resources (small teams or one-man teams) that can stand up to production users?

No. Full stop. The solution will be some kind of computing “Manhattan Project” that only a war could successfully muster the will to build and the willingness of all parties to implement. Source: the last 30 years