Conversation
K. Ryabitsev
monsieuricon
Every time someone claims that they have replaced OpenPGP with "something easier," I always look to see how they handle key management and trust delegation, and usually discover that it's just handwaved away.
Questions like this are a reminder that key management and trust delegation are the exact thing that makes OpenPGP "too hard" in the eyes of most people.
https://www.reddit.com/r/linuxquestions/comments/16c16fu/how_can_i_verify_the_pgp_keys_for_linus_torvalds/
Questions like this are a reminder that key management and trust delegation are the exact thing that makes OpenPGP "too hard" in the eyes of most people.
https://www.reddit.com/r/linuxquestions/comments/16c16fu/how_can_i_verify_the_pgp_keys_for_linus_torvalds/
2
4
6
K. Ryabitsev
monsieuricon
@mariusor that solution doesn't scale. I'll just pay $50 for an AI to render a good enough video of Linus saying the fingerprint.
0
0
1
K. Ryabitsev
monsieuricon
@wagi It's a valid criticism of GnuPG, but it's not necessarily the fault of all OpenPGP implementations. Tools like Sequoia-PGP exist specifically as efforts to reimplement OpenPGP in a modern framework that's not bogged down by legacy decisions.
1
2
0
K. Ryabitsev
monsieuricon
@wagi last I looked, it couldn't do OpenPGP cards, so wasn't a suitable replacement for me yet. It may have changed since then.
0
0
0