No, I call it dead because it's dead. The SKS network is dead, the strong set is moribund, and the remaining real users of PGP are instead slinging key bundles around by baking them into pre-trusted artifacts (like ISOs). But that's not a "web of trust," it's just bespoke centralized key distribution with a certification format that every single serious cryptographer agrees is terrible.

(And this is before a more brute statistical argument: even at its greatest extent, the PGP ecosystem was minuscule[1].)

[1]: https://moxie.org/2015/02/24/gpg-and-me.html

I am deeply aware of Moxie's views on this, and we have talked about them at length, and he is wrong. Also SKS and GnuPG are not OpenPGP. GnuPG no longer conforms to modern OpenPGP standards and is the IE6-grade implementation that we should stop talking about and using, and on that point at least Moxie and I agree. I found a major CVE in gpg myself.

But regardless of tooling, it is about the keys and who holds them and who they endorse. It does not really matter how keys are distributed. It matters that keys signed other keys and that we have a way of downloading them and verifying that.

We cache a copy of all 5444 keys in the web of trust of stagex maintainers in our keys repo and you can draw a line from our keys to the keys that signed commits to the linux kernel today. These also sync and update from a dozen SKS keyservers that are still online for anyone that wants to build a key directory as we did.

Though SKS is being rapidly replaced with WKD where every domain hosts their own keys and they are automatically discovered.

Are you really going to say this has no trust or security value?

We should all just stop and let GitHub sign everything for us even though they don't full-source bootstrap anything or sign commits or use deterministic builds?

What is the outcome you are actually arguing for here?
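The WKD discovery mentioned above is a fixed URL derivation, so a client can locate a domain's key for an address without any keyserver. The following is an added example, not code from anyone in this thread: it implements the lookup-URL construction from the WKD draft (draft-koch-openpgp-webkey-service), using the draft's own sample address, and performs no network access.

```python
"""Derive OpenPGP Web Key Directory (WKD) lookup URLs for an e-mail address.

Added example following the WKD draft (draft-koch-openpgp-webkey-service):
it builds the two URLs a client tries (advanced method, then direct method)
and does not fetch anything.
"""
import base64
import hashlib
from typing import Tuple
from urllib.parse import quote

# z-base-32 alphabet used by WKD. It uses the same 5-bit grouping as RFC 4648
# base32, so the standard encoder's output can simply be re-alphabetised.
_RFC4648 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TRANS = str.maketrans(_RFC4648, _ZBASE32)


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lower-cased local part, z-base-32 encoded (32 chars).

    Only the hash input is lower-cased; the original casing of the local part
    is still sent to the server in the 'l=' query parameter.
    """
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    # 20 bytes = 160 bits = exactly 32 base32 symbols, so no '=' padding.
    return base64.b32encode(digest).decode("ascii").translate(_TRANS)


def wkd_urls(address: str) -> Tuple[str, str]:
    """Return (advanced_url, direct_url) in the order a WKD client tries them."""
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()  # domain names are case-insensitive
    h = wkd_hash(local_part)
    query = "?l=" + quote(local_part, safe="")  # percent-encode the local part
    advanced = (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                f"{domain}/hu/{h}{query}")
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{h}{query}"
    return advanced, direct


if __name__ == "__main__":
    # Sample address taken from the WKD draft's worked example.
    for url in wkd_urls("Joe.Doe@Example.ORG"):
        print(url)
```

A client only accepts a key returned from these URLs if it carries a user ID matching the queried address, so the URL scheme is a discovery mechanism and not itself a statement of trust.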

> It does not really matter how keys are distributed. It matters that keys signed other keys and that we have a way of downloading them and verifying that.

I think it matters if you want to call it a WoT. But also, I don't think any signatures originating from these keys are being verified usefully at any meaningful scale.

> Are you really going to say this has no trust or security value?

I think it has marginal security value, maybe net-negative if you balance it with the fact that cryptographers and cryptographic engineers have to waste time arguing against using PGP.

> What is the outcome you are actually arguing for here?

I like binary transparency. I also think identity-based signing is significantly more ergonomic, and has seen more adoption in the last 4 years than PGP has in the last 35. And I think this is actually a stunning indictment, because I'd say that identity-based signing schemes like Sigstore are still running behind my expectations.

> I think it matters if you want to call it a WoT. But also, I don't think any signatures originating from these keys are being verified usefully at any meaningful scale.

Web of trust is a web of mutually trusting keys, not a network of servers. That web can be verified on any computer as in the blog post by kron I linked earlier, and it is verified for every package install in our soon-to-be published sxctl tool we will be presenting at some conferences next month.

> I think it has marginal security value, maybe net-negative if you balance it with the fact that cryptographers and cryptographic engineers have to waste time arguing against using PGP.

So again, are you really saying all the maintainers of most services running the internet should stop using the only IETF standard built for human-identity-bound signing with keys held by those humans?

The alternative everyone seems to be suggesting with a straight face is login with GitHub or Google and let them sign for you with "keyless signing"? That is the only alternative that is gaining adoption, and it is a ridiculous downgrade. I consider it mostly security theater.

The whole point of humans holding their own signing keys locally is to be able to make it not matter if your centralized online accounts are taken over. Something that is usually easy to do because no one uses hardware 2FA or renews their personal email domains.

But, if they did use hardware 2FA, hey look they have a local signing key... why not just... sign the binaries with that hardware directly instead of using that to login and let someone else sign for you. And then if you are going to do that, you don't want to be impersonated, so why not publish those public keys, and have other maintainers sign them. And now we have re-invented the web of trust.