I recently went back and tried to use GPG again. It’s much easier to integrate into my mail client now, which is good, but it still has the absolute glaring flaws that turned me away from it years ago.
- Key distribution is still completely adhoc, with at least 4 “major” repositories and my mail client still can’t automatically look up an email address in the repositories.
- Interaction with Outlook was impossible. They don’t even recognize each others attachments, and key exchange is still in the realm of bearded Unix hackers who also happen to be MS wizards.
- It doesn’t work with any webmail client.
- Cellphones don’t support it. Maybe there is an Android app that does, but iOS is clueless, and there’s no way to change the built-in mail app.
GPG still feels like a lab project that someone released out into the wild. The biggest issue is that given an email address, there is no clue as to where you should lookup their key, I would have thought that after all of these years someone would have figured out a better way to distribute keys, but the situation is the same it was 10 years ago.
One good thing: I found my old keys still in the repository. I had apparently never set an expiration date on them (oops). Nobody had ever used them to my knowledge.
