
> SSH public keys are one line strings that are easy to copy around. You don't need to use the Web of Trust

PGP public keys you can also just copy around? Nobody is forcing you to use the web of trust with PGP either, if you don't want it. But if you do use keys extensively, it actually helps you: if your boss already verified a customer key, you don't have to re-do the work and meet up in person or ask your boss to send it over before you can use it. Now extend that to a whole network of colleagues, where you configure per-colleague whether you think they properly verify other people's keys, and this whole key distribution problem becomes a lot easier without having to rely on third parties (CA system like with https).

Just a small note, this obviously doesn't invalidate the rest of the article!
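The boss-verifies-the-customer mechanism described in the comment above, as a toy model added here (not code from the thread or from GnuPG, and a simplification of GnuPG's validity rules, which also have marginal trust, signature thresholds and a cert-depth setting); the names "boss", "alice", "customer" and the depth limit are constructed:

```python
from dataclasses import dataclass, field


@dataclass
class Keyring:
    """Constructed toy keyring: shows the mechanism, not GnuPG's algorithm."""
    # Keys whose fingerprints I checked myself (e.g. met the person).
    verified_by_me: set = field(default_factory=set)
    # Per-person flag: do I trust this person to verify other people's keys?
    trusted_introducers: set = field(default_factory=set)
    # Certifications on record: key_id -> set of key_ids that signed it.
    certifications: dict = field(default_factory=dict)

    def certify(self, signer: str, key: str) -> None:
        """Record that `signer` has signed (certified) `key`."""
        self.certifications.setdefault(key, set()).add(signer)

    def is_valid(self, key: str, max_depth: int = 5) -> bool:
        """A key is valid for me if I verified it myself, or if it is signed
        by someone whose own key is valid AND whom I marked as a trusted
        introducer. max_depth (a value chosen for this toy, not a GnuPG
        default) bounds how many hops of introducers are followed."""
        if key in self.verified_by_me:
            return True
        if max_depth == 0:
            return False
        return any(
            signer in self.trusted_introducers
            and self.is_valid(signer, max_depth - 1)
            for signer in self.certifications.get(key, ())
        )


def build_example_keyring() -> Keyring:
    """The boss/customer scenario from the comment, with constructed names."""
    kr = Keyring()
    kr.verified_by_me.update({"boss", "alice"})   # met both in person
    kr.trusted_introducers.add("boss")            # rely on boss's checks, not Alice's
    kr.certify("boss", "customer")                # boss verified and signed the customer key
    kr.certify("alice", "stranger")               # Alice's signature alone carries no weight
    kr.certify("stranger", "unknown")             # an unverified key signing another key
    return kr


def demo() -> dict:
    kr = build_example_keyring()
    return {k: kr.is_valid(k) for k in ("boss", "customer", "stranger", "unknown")}
```

Marking a further colleague as a trusted introducer extends the chain one hop at a time, which is the "whole network of colleagues" case; `max_depth` is what stops that chain from running through keys nobody you rely on has ever checked.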




On the other hand, it's very easy to "leak" keys into keyservers by one mistaken command with GPG.

Maybe you have backup signing keys or whatever secret project encryption keys - and you would prefer for privacy and obscurity that the "public" halves are not distributed on keyservers.

In this sense, I think GPG continues the culture of a more naive and smaller internet by thinking that most keys want to have their public part online.

