> GPG isn't hard to use. It has quirks, but it's not hard - programmers should be able to figure it out.
I've been using GPG for roughly a decade, and I don't think I can consistently reproduce the basic commands I need from memory. I've lost track of the number of times I've corrupted my TTY by forgetting `--armor`, much less the number of times GPG has helpfully "guessed what I mean" in the wrong way.
At one point, I had at least 3 different copies of my key bundle on different keyservers. I wouldn't be able to tell you which one is the right one; I can count on a single hand the number of emails I've received encrypted to the right subkey (and on two hands the number of emails encrypted to any key of mine).
> Just the Root Certificate Authority process (which isn't bad, but it is just "hey guys, totally trust us").
This isn't true in a useful sense: the CA/B standards are pretty transparent, and the Web PKI mandates transparency (through things like CT) in a publicly auditable way. You can see (and verify) exactly what every CA is doing in the Web PKI, at all times.