Signal has a nicer communication user interface for some communication compared to email + PGP but it has not really solved the verification problem that many secure communication methods have.
The grandparent is advising the writer to improve the verification aspects that PGP provides.
Have you tried re-establishing trust with a Signal user who wiped their device? It falls back to the same PGP problem of comparing a string of numbers over a different secure channel.
Moxie addresses some problems with the OpenPGP RFC and with the GnuPG implementation, but after re-reading that post I don't see how it relates to the verifiability issue the grandparent is bringing up.
The grandparent is advising the writer to improve the verification aspects that PGP provides.
Have you tried re-establishing trust with a Signal user who wiped their device? It falls back to the same PGP problem of comparing a string of numbers over a different secure channel.
Moxie addresses some problems with the OpenPGP RFC and with the GnuPG implementation, but after re-reading that post I don't see how it relates to the verifiability issue the grandparent is bringing up.