The web seems like a clusterfuck of people arguing.<p>I found Signal Protocol and it seems to be the end-all, be-all answer to how to do encrypted messaging correctly. Anecdotes or discussions of small companies or users implementing solutions on top of the protocol appear to be nonexistent.<p>Virgil Security seems to be a recent entrant to providing a secure CSAAS platform to enable developers to build secure applications. The only discussion of Virgil I could find online is on Reddit, and just a couple of guys arguing and throwing names back and forth. This seems to be the norm, not just for this company, but discussions about crypto implementations in general.<p>As for authentication, everyone seems to be dead set on Auth0 in 2018, but their pricing model can be cost-prohibitive if you need certain features only available to Enterprise accounts. In my past, authentication was always taken seriously but never considered too difficult to build in-house. Something like Django with one of the many OAuth Python toolkits worked just fine. Now, it seems anywhere I read people say “don’t roll your own, it’s too easy to fuck up and you have to remember 100,000 different things to do it correctly.”<p>Am I letting the Internet cloud my judgement?<p>Is there a good, digestible answer to building stuff like this with limited technical resources (small teams or one-man teams) that can stand up to production users?
No. Full stop. The solution will be some kind of computing “Manhattan Project” that only a war could successfully muster the will to build and the willingness of all parties to implement.<p>Source: the last 30 years