[oceanofsolaris]

At least the GPG authors seem to be of the opinion that in order to make their programm usable for a larger amount of users, TOFU would be a good idea [1]. I don't see why hiding the trust-building from users is necessarily such a bad thing if it leads to a lot more people using encryption. If you are an expert user, verifying the keys is not impossible for you, even if GPG uses TOFU.

In the end, the current PGP workflow is simply unusable for many people [2]. It might be a good idea to introduce a new and improved encrypted email protocol, but since PGP/GPG are already here and had a lot of developement, why not make them usable for more people? What percentage of your emails are currently sent encrypted? I have currently two people whom I can send encrypted email; 99% of my email is currently not encrypted. I would really love to increase this.

[1] https://www.gnupg.org/blog/20150911-gnupg-this-summer.html

[2] Edward Snowden had a hard time convincing Glenn Greenwald to set up GPG. Even though he made a 12 minute video that detailed all the (horribly unintuitive for a non-expert) steps. So even with a strong incentive (possible whistleblower contact), the difficult setup procedure was enough to scare Greenwald away.