Your Thoughts

Alyssa Ross hi at
Tue Jul 2 00:58:32 CEST 2019

> I think also (sorry to say this Werner!) the problem is that
> GnuPG is Linux cli based and not like MacPGP from Mr. Zimmermann,
> back in the 90's was GUI based with much lesser commands and
> easier to learn. There was back then no Enigmail or other
> MUA plug-ins and you could simply copy and paste your messages.

GnuPG is cross-platform and in no way tied to Linux, but I think you
have a point about the CLI-focused design of it. The problem isn't that
it's CLI-based per se, but that this design has made it far too easy for
it to accumulate features without much consideration for how the whole
thing works together.

For example, why isn't ask-cert-level a default? I'm guessing it's just
because at some point it didn't exist, and the developers didn't want to
make a backwards incompatible change. But it means that, out of the box,
signatures on other keys are next to useless, because it's not possible
to specify how carefully you've checked a key. This leads to people only
signing keys that they've very carefully checked, and makes it so that
marginal signatures see almost no use, which I think has likely been a
major contributor to the failure of the web of trust.

A large part of what makes alternative encryption software like Signal
successful is its simplicity. I don't have to worry about the 3000
different setting combinations available to me, because there's design
work been put into it to set me up for success out of the box. I've
spent hours of my life learning about how to use GnuPG, and have ended
up with a way of using it that seems completely different to anybody
else's, but I still don't think I'm doing it right. It's not possible to
figure out how to use it as intended, because there's no intended way to
use it. There's no high level design for how people are supposed to use
the software. And without that, it's never going to be possible to use
GnuPG properly no matter how much time one is willing to invest.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list