I don't know much about crypto, but this argument seems extremely compelling to me. Why would I want my network of trust to be public or centralized? Can someone more knowledgeable comment on whether parent is making sense?
EDIT: In fact look, from their /docs/server_security they have this:
> Here are the attacks we are most concerned about:
> Server DDOS'ed
> Server compromised; attacker corrupts server-side code and keys to send bad data to clients
> Server compromised; attacker distributes corrupted client-side code
Why would I want my GPG security to depend on whether some company got hacked or not? This seems like a terrible idea.
EDIT: In fact look, from their /docs/server_security they have this:
> Here are the attacks we are most concerned about:
> Server DDOS'ed
> Server compromised; attacker corrupts server-side code and keys to send bad data to clients
> Server compromised; attacker distributes corrupted client-side code
Why would I want my GPG security to depend on whether some company got hacked or not? This seems like a terrible idea.