No idea how I’m supposed to take this ranty blog needlessly interspersed with furry cartoons seriously. But it’s basically just restating (poorly) all the same criticisms and alternatives written about here: https://www.latacora.com/blog/2019/07/16/the-pgp-problem/
The ‘real’ criticisms of PGP are that it’s old, it’s clunky, and it doesn’t support forward secrecy by design. None of that is invalid, but I think the importance of those points depends on the use case and user.
The alternatives given are myriad and complexity and clunkiness are interspersed between dozens of solutions instead of well understood and documented in one tool.
That isn’t a superior approach. I’m not arguing that PGP is perfect, but it’s absolutely asinine to suggest (like this blog and others suggest) that the solution is to use dozens of other solutions with their own problems and with less auditing.
If we’re going to replace PGP, we need to do it properly in a centralized library/toolchain. Breaking up the solution and spreading it around just magnifies the problems.
Oh no. Can we please stop pushing (Open)PGP / GPG?
Why?
Because expertie-experts dislike it while not providing any alternative? No.
Here are some alternatives, depending on your use-case: https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/
No idea how I’m supposed to take this ranty blog needlessly interspersed with furry cartoons seriously. But it’s basically just restating (poorly) all the same criticisms and alternatives written about here: https://www.latacora.com/blog/2019/07/16/the-pgp-problem/
The ‘real’ criticisms of PGP are that it’s old, it’s clunky, and it doesn’t support forward secrecy by design. None of that is invalid, but I think the importance of those points depends on the use case and user.
The alternatives given are myriad and complexity and clunkiness are interspersed between dozens of solutions instead of well understood and documented in one tool.
That isn’t a superior approach. I’m not arguing that PGP is perfect, but it’s absolutely asinine to suggest (like this blog and others suggest) that the solution is to use dozens of other solutions with their own problems and with less auditing.
If we’re going to replace PGP, we need to do it properly in a centralized library/toolchain. Breaking up the solution and spreading it around just magnifies the problems.
A furry recommending shit? Nah I’ll do the opposite.