[tptacek]

Not only should PGP go away for that use case, but it easily could; very few people would need to be convinced to upgrade it to a better format. What's held that back from happening is nobody agreeing on what that better format is; it's the same reason we're only now getting WireGuard after almost 2 decades of IPSEC VPNs.

[kjs3]

Not only should PGP go away for that use case, but it easily could

Says someone who has never had to do it.

very few people would need to be convinced to upgrade it to a better format

Only the tens of thousands of current users who I personally have who would see no reason to change something that currently works and is secure. I have, in fact, suggested a number of better solutions over the years.

Hell...it took us 10 years to convince all the third parties that plain FTP was probably a bad idea. And there's still a tiny handful of very, very large companies that still say 'meh' and force us to keep an FTP server around.

Must be nice to not have to deal with real customers.

[tptacek]

Is there someone you know with a similar name to mine that you think you're talking to? The kinds of issues you're talking about are my actual full-time job.

[kjs3]

Oh, my...don't you know who I am?. Classy. I guess my aversion to being Internet Famous makes me easy to condescend to.

My "actual full-time job" is building and operating security teams for Fortune 1000 sized companies, not startups. These kinds of issues are also what I do every day. I just do it with far more customers, internal stake holders, budget, technical debt, politics, employees, governance, geography, etc., etc. And I actually do those hard things; I don't just say "you should do this...it should be easy".

Consider that just maybe your perspective doesn't represent the totality of the security landscape. Things that are easy when you're consulting to the latest Foo of Bar startup or whatever is spooling out cat videos this week are very, very hard when you're dealing with entrenched, interconnected business processes processing billions of dollars of other peoples money. Just a thought.