“you can have backwards compatibility with the 1990s or you can have sound cryptography; you can’t have both.”

Cryptography engineers have been tearing their hair out over PGP’s deficiencies for (literally) decades. When other kinds of engineers get wind of this, they’re shocked. PGP is bad? Why do people keep telling me to use PGP? The answer is that they shouldn’t be telling you that, because PGP is bad and needs to go away.

Source: Latacora – The PGP Problem

I knew PGP was bad and had avoided it cos I knew of its eldritch complexity of integration but I didn’t know about the rest.

Figures that Thunderbird is planning on integrating it as a built-in function.

They should probably use something else, methinks.