Plan B - Who carries the torch?

Ryan McGinnis ryan at digicana.com
Wed Jan 6 17:08:31 CET 2021


Why does GPG continue to be developed with email uses in mind even though it's now widely accepted that GPG is a terrible way to securely communicate with another person and that a number of much more secure, much more robust, much less complicated (from the end user perspective) solutions exist?  I'm guessing it's the same reason.

-Ryan McGinnis
http://www.bigstormpicture.com
PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Tuesday, January 5th, 2021 at 9:46 AM, Stefan Claas via Gnupg-users <gnupg-users at gnupg.org> wrote:

> On Tue, Jan 5, 2021 at 3:44 PM Werner Koch via Gnupg-users
> 

> gnupg-users at gnupg.org wrote:
> 

> > On Tue, 5 Jan 2021 07:27, Jean-David Beyer said:
> > 

> > > Building a web of trust is so hopeless, from my point of view, that I
> > > 

> > > have abandonned gnupg. I have made keys for myself, obtained enigmail
> > 

> > Virtually nobody uses the WoT. What people use are direct key
> > 

> > signatures. That is you verify a key's owner and then sign that key.
> > 

> > Usually not even exportable. Verification is often done by trust on
> > 

> > first use. And that is okay for the majority of use cases.
> 

> Not sure I understand you correctly, but why are then SKS key servers
> 

> still in operation, which allows third parties to look up who signed
> 

> who's key and with what trust level and GnuPG's WoT support, compared
> 

> to sq and Hagrid?
> 

> Regards
> 

> Stefan
> 

> Gnupg-users mailing list
> 

> Gnupg-users at gnupg.org
> 

> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210106/5a578183/attachment-0001.sig>


More information about the Gnupg-users mailing list