1. 30

  2. 5

    OpenPGP is woefully insufficient for today’s Internet security requirements and short of an attack little will motivate people to get rid of it and replace it with something better. So, while it’s sad that this is happening, the upside is pretty great news for infosec, and a very long time coming. Just don’t switch to something even worse (but I’m not holding my breath).

    1. 4

      OpenPGP is woefully insufficient for today’s Internet security requirements

      Why?

      I’m asking because I don’t agree. I think PGP/GPG accomplishes its objectives.

      1. 2

        something better

        Honest question - what?

        Is this a case where we move towards different tools for different needs? Maybe Signal and friends can handle communications, signify can replace distribution of software, …

        1. 5

          Honest question - what?

          Here’s a refresher on DPKI - Decentralized Public Key Infrastructure (with supplemental notes [1] and [2]), a collective vision that is some 5+ years in the making.

          EDIT: there is also Decentralized Identifiers (DID), though I’m less familiar with that spec. There are different groups working on that (including Microsoft, Sovrin and many others).

          EDIT2: If you’re really interested in this, follow and attend the work done by Rebooting Web of Trust.

          1. 3

            Awesome! I am not too knowledgeable in this space so the links are very appreciated.