So 0.1% of the internet is protected by Ed25519 signatures because of this move. Meanwhile PGP has had Ed25519 support for years, with hardware security key support.
OpenBSD does fantastic work, but you and I both know it will never have any significant adoption on the web at this point.
Try to convince an actual Linux distro running any significant portion of the web they should stop using Ed25519 via PGP smartcards and use Ed25519 via signify exposing their keys to system memory (and thus malware) instead, with no key discovery protocol, for unspecified reasons.
Would love to see a threat modeling case for that.
At this point you have shown your hand. You hate PGP so much you would make security for everyone worse to get rid of it. There is no reasonable threat model to support your position.
OpenBSD does fantastic work, but you and I both know it will never have any significant adoption on the web at this point.
Try to convince an actual Linux distro running any significant portion of the web they should stop using Ed25519 via PGP smartcards and use Ed25519 via signify exposing their keys to system memory (and thus malware) instead, with no key discovery protocol, for unspecified reasons.
Would love to see a threat modeling case for that.
At this point you have shown your hand. You hate PGP so much you would make security for everyone worse to get rid of it. There is no reasonable threat model to support your position.