In light of the recent GnuPG vulnerabilities, I remembered that OpenPGP is almost never the right choice. CMS/PKCS#7 isn't any better, and X.509 is also bad except that its extremely wide deployment in TLS keeps it alive.
See <https://www.latacora/com/blog/2019/07/16/the-pgp-problem/> and <https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/>. -- Sincerely, Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
