1. 4

  2. 1

    The whole bit about subsidiarity is interesting, but I want to highlight the few bits about PGP:

    The thing is, PGP basically sucks. It’s really hard to use and even harder to use well. In fact, PGP is so creaky that a lot of people just pretend it doesn’t exist.

    to a first approximation, no one uses PGP

    PGP, remember, is 30 years old, and dramatically under-resourced.

    Maybe we have to get rid of PGP and start over.

    I don’t really see why he comes to the conclusion that we need to throw away 30 years of work and the existing web of trust for… something new that needs tons of investment (?). Maybe someone more familiar with Doctorow’s work can shed some light on this attitude.

    1. 5

      The problem isn’t Doctorow, the problem is PGP. For example, here’s the Signal blog discussing requirements, explaining that PGP is an “architectural dead end”. https://www.signal.org/blog/asynchronous-security/

      Or this: https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/