| ▲ | adastra22 3 days ago | |||||||
You (knowingly?) picked the one counter example, lol. Web of trust is the one application of PGP/GPG for which there isn’t a product ready replacement tool to point towards. GPG is built around web of trust, but this is generally believed to have been a very, very bad idea and the source of innumerable security problems for nearly every application that has tried to make use of it. The GPG replacements I would point to are purpose-built for specific domains and eschew web of trust: https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/ That said, you might find what you are looking for in the Rebooting Web of Trust project, and the various decentralized identity (DID) implementations that have come out of it: | ||||||||
| ▲ | XorNot 2 days ago | parent [-] | |||||||
No I picked the case I'm dealing with most commonly: which is establishing trust. X509 certs will also do this. I have numerous criticisms of the GPG system but it's not a solution to just not implement any solution at all: I.e. I need revocation lists, I need intermediate keys, I need the ability to establish alternate chains of trust or promote a chain to trusted. Some of this is very hard to do with x509 even or not will supported. | ||||||||
| ||||||||