Meanwhile we're still relying massively on email, sending unencrypted bits of text, with no way of authenticating the sender with 100% reliability. We receive tons of spam. All the protections that are put in place (DKIM, SPF) are hard to set up and imperfect. These seem like problems that GPG could help tremendously with.
In parallel, technologies like OAuth, and now WebAuthn, that bear somewhat similar concepts, are receiving massive adoption.
So it gets me to wonder: what's the catch? Why isn't everyone using GPG now? Even without knowing it?
* sure, Proton and Fast might be different but they're 2 OM smaller
PGP is also poorly designed: https://www.usenix.org/legacy/events/sec99/full_papers/whitt...
I was all over GPG from the outset back in the 1990s because I was very activated by Phil Zimmermann's crusade to get the source code out. But even for a very tech-literate person it was a giant pain in the ass to use in any other context than a CLI, and for a long time the maintainers obstinately refused to make it easier for a marketplace that was moving to GUI.
There's a really great implementation of it now in Keybase, but although I've used it on and off for several years I've kind of abandoned it because many people found the software/UI too fiddly and inaccessible, so I have nobody else who depends on it.
To my mind part of the problem from the outset was the whole keyring concept and the need to keep track of a bunch of other people's public keys. I have never bothered to do this manually because I just didn't care for the maintenance. I think it might have been better to include PGP keys as MIME attachments or something. Putting the public key as a text block in the body of every email just seemed ineffective and aggressively nerdy, like people demanding everyone else pay attention to their sigfile as opposed to just making the information available to interested parties.
Thought experiment: if you can manage your keys for signing and encrypting email with the same infra as passkeys, and it’s as easy as Touch ID or Face ID when you hit send, what does uptake look like?