That's a weird thing to say. Yes, it is? What are you claiming is different about it? In fact, there are ways in which it has regressed from 2016's incarnation.
A renewed IETF working group that aggressively deprecated legacy ciphers and mandated modern ones with optional PQ crypto support (RFC 9580). Lots of actively developed Rust implementations like rPGP, rsop, rpgpie, Sequoia. Easy key provisioning and backup with smartcard support via keyfork. Smartcards with Rust firmware by Nitrokey. Modern key distribution and trust bootstrapping via openpgp-ca, hagrid, keyoxide, etc.
GnuPG is admittedly garbage, but also that has not been a valid implementation of PGP specifications for a while and no one should use it anymore. PGP != GPG
I would strongly suggest taking a hard look at the last decade of thankless work going on to modernize the PGP ecosystem we all rely on directly or indirectly.
Currently writing up the above and a lot more in detail to refute years of outdated rhetoric on this topic so we can start having more useful conversations about it.
It's thankless because it's a bunch of folks at the county fair running around putting lipstick on all the pigs.
Having a bunch of implementations of an omnibus package that tries to be a crypto swiss army knife, written almost exclusively without the input of cryptographers, is actually not a desirable goal.
And none of the back seat drivers ever have alternatives to suggest that solve the same problems while having bothered to endure the IETF standardization process, and thus PGP will continue to be the trust foundation of the software supply chain of the internet for the foreseeable future.
This fragile network we all use is made of a mountain of pigs that continually need their lipstick reapplied by people that do it for free or near free out of a desire to keep the whole thing running for everyone.
Said people even do it for the users that stay at a safe distance pointlessly saying "We should go back in time and build it differently in unspecified ways!".
> Is your pitch that the people who call out problems with PGP don’t have suggested replacements for workflows?
Yep. I have read every single blog post I can find from critics. Most several times. As have most people that work on this stuff. Some were partly relevant when they were posted and even less relevant today. All of them completely missed the boat on the problems PGP solves that none of the alternatives do, or have any serious suggestions for migration paths or standards changes.
I will be quoting most of those posts in a blog post in the next couple weeks on https://distrust.co.
Most of them have corporate alternatives to sell you which have no chance of adoption by standards bodies.
There's like, a whole section on https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#th... that's specifically recommendations. The only ones that are "corporate" are chat (where PGP's UX and security model are absolutely horrendous in ways that both prevent mass adoption and make it comically easy to screw up, and where most of those problems are nearly impossible to resolve in a federated system) and I guess backups, if we consider Colin Percival to be "corporate" when he puts on his tarsnap hat.
GnuPG is not the final say for PGP any more than IE6 was the final say for the web. Migrating off IE6 took a while and so will migrating legacy systems off GnuPG. New users of PGP are thankfully mostly using new gen reasonably secure tools.
Just like IE6, GnuPG abandoned the global standardization processes and in doing so forced an expensive migration to successors.
Global changes on the internet take decades in part because of all the people far removed from the process spreading outdated information and demanding we give up on standards and move the whole world to centralized solutions that do not even solve the same problems, like Java Applets, Adobe Flash, or Signal.
Meanwhile those standardizing and rolling out longer term solutions roll their eyes and keep doing the work.
If everyone is moving to new software, in a migration that is barely 5% underway, why would you migrate to PGP of all possible cryptosystems? It's 2026.
I'd pose this challenge to you: find the most reputable cryptography engineer or academic cryptographer you can find that believes this is a good idea. I'd be interested if you could find even one. Fair warning: some of my confidence talking down PGP comes from knowing what the conventional wisdom among cryptographers is about the PGP cryptosystem.
New software that is compatible with any keys generated with good-enough ciphers from the last decade. Compatibility wins.
If we are going to play the appeal to authority game, I could just as easily challenge you to find any willing to publicly point out any serious issues with the current PQ-focused OpenPGP standards with implementations using libraries by accomplished cryptographers. I am sure they would appreciate constructive feedback. Encourage them to join the specification process and recommend specific alternatives and migration paths.
I also wonder if we could find any that would not scrap TLS, DNS and a lot of IETF protocols that run the internet today if they could. Decentralized protocols are messy but anything that tries to replace them without first taking the time to understand the current uses and migration path has no hope of success, and that is brutally difficult political work full of careful compromises.
Famous cryptographers have long advocated for things like tcpcrypt, and I even agree with them, but it will probably never happen. Too disruptive. We are still rolling out IPv6 FFS. When faced with an established global internet, compatible lower disruption migration steps are the only way forward as most experienced security engineers would begrudgingly agree.
Cryptographers should absolutely focus on the security of the ciphers, but when it comes to applications, and human privacy and security goals, and human to human trust bootstrapping protocols, the conversation has to get a lot wider. It is normally dominated by security engineers like us close to the hands-on use cases, and the people doing the hard work in the working groups and tool development circles that understandably wish to quietly read different takes from a safe distance.
Cryptography basically always explodes at the joinery. One of the guiding principles of modern cryptographic tools is designing implementations that do not have footguns, where the default behavior solves the default threat model and dangerous things are outright impossible. This has been apparent in the string of GPG security failures over the past several years. It's not that somebody breaks RSA or AES. It's that the tools willingly emit bad data because of bad error handling, and then users are told they were holding it wrong and it's their fault for choosing a bad implementation.
Maybe it's worth asking if the reason cryptographers aren't engaging with the work to "modernize" PGP, and that instead we're seeing them building and shipping individual focused solutions to specific workflows, is perhaps because their constructive feedback is akin to ~"you are fundamentally trying to prop up a house of cards that should not exist"
I'm going to take "the appeal to authority game" as an agreement that you think it's unlikely you'd find such a person to vouch for a modernized rebirth of PGP, or really any continued use of PGP.