> It survives only because nerds have a parasocial relationship with it.

I really would like to replace PGP with the "better" tool, but:

* Using my Yubikey for signing (e.g. for git) has a better UX with PGP instead of SSH

* I have to use PGP to sign packages I send to Maven

Maybe I am a nerd emotionally attached to PGP, but after a year signing with SSH, I went back to PGP and it was so much better...

▲

computerfriend 10 hours ago | parent [-]

> better UX with PGP instead of SSH

This might be true of comparing GPG to SSH-via-PIV, but there's a better way with far superior UX: derive an SSH key from a FIDO2 slot on the YubiKey.

▲

palata 2 hours ago | parent [-]

I do it with FIDO2. It's inconvenient when having multiple Yubikeys (I always end up adding the entry manually with ssh-agent), and I have to touch the Yubikey everytime it signs. That makes it very annoying when rebasing a few tens of commits, for instance.

With GPG it just works.

▲

ahlCVA an hour ago | parent [-]

For what it's worth: You can set no-touch-required on a key (it's a generation-time option though).

	▲	palata 13 minutes ago \| parent [-]
		Sure, but then it is set to no-touch for every FIDO2 interaction I have. I don't want to touch for signing, but I want to touch when using it as a passkey, for instance.