[akerl_]

> Okay so drop the IETF standard, web of trust, smartcard support, and external key discovery mechanisms to prove the whole keychain was not swapped out with a fake one, and just have everyone generate minisign keys exposed to system memory with no trust link backwards, and then sign things with probably the same algorithms. But then we cannot sign commits or code reviews with minisign because non standard, so i guess use ssh keys for those, and then maintain multiple keychains for each person.

Yes, all of that.

[lrvick]

At this point I can only conclude you are a troll, but if you are actually serious, I challenge you to prove it. I put in the work in the community for my side of this debate.

I would suggest you pick one of the mainline Linux distros that relies on PGP and make a detailed RFC with a plan to downgrade their security to your non standard minisign/ssh solution with private keys exposed in system memory as you propose, and make a convincing case why it is worth it and what advantages they get for doing so.

Let me know if you do. I am sure it will be a great case study.

[akerl_]

Thankfully OpenBSD did my work for me:

https://www.openbsd.org/papers/bsdcan-signify.html

[lrvick]

So 0.1% of the internet is protected by Ed25519 signatures because of this move. Meanwhile PGP has had Ed25519 support for years, with hardware security key support.

OpenBSD does fantastic work, but you and I both know it will never have any significant adoption on the web at this point.

Try to convince an actual Linux distro running any significant portion of the web they should stop using Ed25519 via PGP smartcards and use Ed25519 via signify exposing their keys to system memory (and thus malware) instead, with no key discovery protocol, for unspecified reasons.

Would love to see a threat modeling case for that.

At this point you have shown your hand. You hate PGP so much you would make security for everyone worse to get rid of it. There is no reasonable threat model to support your position.