That's cool. I didn't know ssh-keygen could do this, but, to be honest, the UX of gpg is a step better as it manages the "allowed signers" file. Not that ssh-keygen couldn't do that, but it seems to be minimal design (which is fine and right for that tool).
Also, article is biased toward pki (vs web of trust) and tries to pass off github as a type of 'cert authority'. ssh signing is 'web of trust' but it leaves the trust implementation totally up to the user. Neither system is "better", the tradeoffs just need to be known and at least pgp implementations will have ux to provide for web of trust.
Also, article is biased toward pki (vs web of trust) and tries to pass off github as a type of 'cert authority'. ssh signing is 'web of trust' but it leaves the trust implementation totally up to the user. Neither system is "better", the tradeoffs just need to be known and at least pgp implementations will have ux to provide for web of trust.