Addressing the Moxie Marlinspike post - PGP being flexible and comprehensive is not the problem. The implementations/libraries (including GPG) being a fossil from last century are.

From my own experience I can say that the libraries are not well designed - they couple things together (like key management and decryption) and make some things hard to do even if they are conceptually simple (like checking a signature without first building a key-ring data structure with all keys from a file).

Progress comes from many experiments, going in all kinds of directions in UI design, infrastructure building etc. You need comprehensive foundations to base these experiments on.

>You need comprehensive foundations to base these experiments on.

The problem is that people build these huge, powerful libraries, but nobody seems to write the "limiting" libraries that take a subset of the powerful base library and create an easy-to-use experience for the user.

I suppose this largely stems from "implicit knowledge": People who can write cryptography apps likely know enough crypto that they can't themselves identify usability problems.

you are mixing two problems:

1) libraries are often too complex for the avg dev: well, crypto is complex and there is rarely a one-size-fits-all solution. however, there are high level APIs that address your issues in openpgp.js (https://github.com/openpgpjs/openpgpjs). problem is that a lot of people try to roll their own crypto if the library does not offer those high level #box() and #unbox() functions. and THAT is a real problem down the road.

2) lack of empathy is really a big problem, which I've articulated here: https://blog.whiteout.io/2015/01/29/why-alice-has-a-problem-...