Plan B - Who carries the torch?

Jacky Alcine yo at jacky.wtf
Wed Jan 6 17:40:33 CET 2021


It's hard to look towards the future if they invest in the past. I'm definitely on the younger side of this mailing list but GPG has definitely out lasted its usefuless. The majority of people using it don't even know they do and it's probably because of the use via Debian's packaging system.

E-mail is definitely the carrier pigeon of communication today and I agree that the need to decouple the association is needed but that's like trying to remove hydrogen from water. The identities are so tied to it (inb4 fingerprints - please) that it's beyond time (like since 2010 imo) for something else - anything else tbh.

On Wed, Jan 6, 2021, at 08:08, Ryan McGinnis via Gnupg-users wrote:
> Why does GPG continue to be developed with email uses in mind even 
> though it's now widely accepted that GPG is a terrible way to securely 
> communicate with another person and that a number of much more secure, 
> much more robust, much less complicated (from the end user perspective) 
> solutions exist?  I'm guessing it's the same reason.
> 
> -Ryan McGinnis
> http://www.bigstormpicture.com
> PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
> 
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> 
> On Tuesday, January 5th, 2021 at 9:46 AM, Stefan Claas via Gnupg-users 
> <gnupg-users at gnupg.org> wrote:
> 
> > On Tue, Jan 5, 2021 at 3:44 PM Werner Koch via Gnupg-users
> > 
> 
> > gnupg-users at gnupg.org wrote:
> > 
> 
> > > On Tue, 5 Jan 2021 07:27, Jean-David Beyer said:
> > > 
> 
> > > > Building a web of trust is so hopeless, from my point of view, that I
> > > > 
> 
> > > > have abandonned gnupg. I have made keys for myself, obtained enigmail
> > > 
> 
> > > Virtually nobody uses the WoT. What people use are direct key
> > > 
> 
> > > signatures. That is you verify a key's owner and then sign that key.
> > > 
> 
> > > Usually not even exportable. Verification is often done by trust on
> > > 
> 
> > > first use. And that is okay for the majority of use cases.
> > 
> 
> > Not sure I understand you correctly, but why are then SKS key servers
> > 
> 
> > still in operation, which allows third parties to look up who signed
> > 
> 
> > who's key and with what trust level and GnuPG's WoT support, compared
> > 
> 
> > to sq and Hagrid?
> > 
> 
> > Regards
> > 
> 
> > Stefan
> > 
> 
> > Gnupg-users mailing list
> > 
> 
> > Gnupg-users at gnupg.org
> > 
> 
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> Attachments:
> * signature.asc




More information about the Gnupg-users mailing list