It's really funny watching career programmers that have strong opinions about design patterns and the single responsibility principle defend PGP.
My dudes, it's the God Class of cryptographic fucking risk.
@soatok@furry.engineer From an historical perspective PGP kinda makes sense: in the 80s and early 90s it wasn't considered something everybody would need, was to be mostly used by people in the know, and the whole idea of cryptography was still in its infancy (so e.g. it was deemed possible to set up a web of trust). In short, "the 80s called and it wants its cryptographic design back"
@deetwenty@todon.nl @soatok@furry.engineer I think we could have another go at web of trust, now that everyone is carrying a camera that can also do the required crypto literally all the time. It might be useful even on social media if it had different levels - both "I know this person IRL" but also "I don't know the person behind the screen but I've seen they're not a spam bot"
@orman@furry.engineer @soatok@furry.engineer the problem with Web of Trust is that it is surprisingly hard to explain to non-technical people. Yes, you could provide QR codes, which makes it easier, but you still need to explain the why, and it is still a barrier to entry. On top of that, a web of trust becomes a lot less useful if not a majority of users participate. In theory web of trust is nice; in practice it comes with a lot of headaches. That said, at a small scale for smaller groups it might still be a useful concept, but it will never really scale up to work at large (read: internet-wide) scales.
@deetwenty@todon.nl @orman@furry.engineer Also, a lot of trust relationships have a half-life, and building that consideration into the UX without just expiring the keys themselves is frustrating
@soatok@furry.engineer @deetwenty@todon.nl @orman@furry.engineer
Another major consideration is that webs of trust require you to trust everyone that a given person trusts; there's no consideration for "Alice trusts Bob and Gary; Bob trusts Charlie, Denise, and Ellen; Alice does not trust Charlie", and there isn't really a good way to handle that in software without leaking associations.