Related, a criticism of PGP by a cryptographer, focusing on things besides the UI.
Johnny encrypts every day in a very usable way when he reads his email or banks online. He just doesn’t care to manage a web of trust on his own, and even if he did, his friends don’t.
I feel the biggest usability challenge to gpg is how to express and maintain a web of trust. Trust is a very complicated thing. And all the complexity of gpg’s trust mechanism is too much for Johnny to care for. Johnny’s friends don’t care either.
I would love to see some usability magic applied towards managing a web of trust. Maybe something like letsencrypt.org but for personal keys. Maybe something even cooler.
There’s keybase.io, which sounds similar (using existing social networks to model trust).