The person I'm replying to says that PGP is hard to use because there's so many options you have to know and use correctly. I completely agree with that, its UX is most probably the main reason it isn't more widespread. But that doesn't invalidate PGP itself: the format is still useful, we have the tools to use it correctly. So I'm saying that using PGP crypto is still worth it, especially if all the bad bits (configuring, tuning) are managed automatically by the application.
The problem with a universal format is it's hard to know that everyone you're talking to does things right. If you have end to end security and the other end leaks, that's not very good. Whereas with a limited format I know a non-malicious counterpart probably has their client configured just like mine.
Here's a good quote from the article at the top of this chain:
> Take AEAD ciphers: the Rust-language Sequoia PGP defaulted to the AES-EAX AEAD mode, which is great, and nobody can read those messages because most PGP installs don’t know what EAX mode is, which is not great. Every well-known bad cryptosystem eventually sprouts an RFC extension that supports curves or AEAD, so that its proponents can claim on message boards that they support modern cryptography. RFC’s don’t matter: only the installed base does. We’ve understood authenticated encryption for 2 decades, and PGP is old enough to buy me drinks; enough excuses.
> You can have backwards compatibility with the 1990s or you can have sound cryptography; you can’t have both.
I am very well aware of the criticisms against PGP-as-a-model and I actually agree with them. The premise that having an open protocol makes changes 10x harder to actually spread is very true. I still believe that it's better to have that than everyone doing the same thing over and over and over again, "but this time it's better".
HTTP, javascript and TLS have also shown that a sufficiently motivated set of actors can move the ecosystem forward. True, organizing the ecosystem is not the same job as actually building stuff, but it's still beneficial to all of us.
