I've always thought that #pgp was pretty good, but I just came across this seemingly reasonable article that is *very* critical of it: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
The tldr:
* pgp has weak security options and code complexity for backwards compatibility with the 90s
* because of that, pgp is really easy to misconfigue with poor security
* pgp doesn't provide forward secrecy
* pgp encourages you to have one master key that you never change, instead of rotating
Any thoughts/rebuttals?