This sucks. At the same time, only experts use OpenPGP so I guess maybe it's not a big deal?
I've been using PGP for decades at this point and I'm still somewhat surprised when I encounter security professionals that either can't figure out how to use PGP or just ignore it because "it's too complicated, and I already have Signal". I have no beef with encrypted messenger services but it's not the same use case as PGP for email and other needs.
This also hints at a separate cultural divide. Young people only know email as that thing you need in order to set up other accounts. They use IM for the bulk of their real communication and at best consider email something they only use for work. Only old farts think of email as something they use for personal correspondence. And frankly, most of the people I interact with are younger than me so most of my communication has shifted to where the people are that use it, which is IM services.
Experts avoid PGP like the stomach flu. It'd be interesting if you could find a single cryptography engineer of note that has spoken up for it in the last 10 years.
This is all amusing. Not that it matters, but when I said "expert" I really meant any user that understands how to use PGP. Those of us born during the construction of the pyramids know how to use it because it was the only option that existed back then, and we still have that knowledge despite other options existing. Signal and other options are great, but you can't encrypt arbitrary data with it. PGP is really a different use case these days. And the ancients that still write emails.
I'm not aware of any experts who like individual certificate authorities. Are there some that I'm missing?
I think perhaps what you mean to say is that experts like the x509 PKI. Which again, isn't quite true. You'll find plenty of experts pointing out that major parts of x509 and the PKI ecosystem, and of TLS and HTTPS, are garbage: ASN.1 parsing is a trashfire, protocol/cipher negotiation has had numerous critical flaws, things like compression have allowed traffic to be decrypted.
What I think is more accurate to say is that experts have invested heavily in finding ways to augment web infrastructure to remove broad categories of these, and the result is a generally recommendable system. This includes things like moving to TLS 1.3, enforcing that CAs participate in Cert Transparency logs, delisting CAs that misbehave, and adjusting browser behavior to avoid security pitfalls like mixed content that compromise users.
The problem with doing that for GPG is partly that its fundamental nature is not well aligned with making those kinds of changes, and partly that (as we see in the original post) GnuPG is resistant to making changes that would leave behind users of insecure codepaths and cryptography.
I would like you to name a cryptography engineer of any note that advocates for the underlying technical details of the X.509 CA system. For that matter, I'd be interested in whether you could name one of any note that works for any CA, LetsEncrypt possibly excluded.
Why do you, and your supposed cryptography engineers, talk shit about everything that is actually used instead of doing something useful like making those things better or providing alternatives?
It's getting really hard to take you seriously. You hate gpg, you hate pki and you always claim to know better than industry standards without providing any details whatsoever.
I think we've bottomed out this thread, if somebody saying something negative about something you like is "talking shit" and saying something positive about things you don't like is "grandstanding".
I don't know where "you hate PKI" comes from. Certainly I dislike X.509! It's a terrible protocol/format, and I doubt even its own designers would repeat the mistake. But I use the WebPKI, and have spent most of my time on HN talking about it defending it.
I'm pretty comfortable with who does and doesn't take me seriously, for what it's worth. You don't have to if you don't want to.