> keys are hard to manage and use just because they never reached mainstream.
I think they never reached mainstream because there is a fundamentally difficult problem to solve that hasn't been solved.
Identity. There are so many similarly named people and organizations that a signature doesn't mean much, unless you understand the identity, and identity is fundamentally hard to understand.
Add on to that, images have a very long lifetime, and signatures become difficult to verify over time. After the key is changed, the old key may no longer be published. It can be difficult to verify when a signature was made, although there are options for signing services that can help... but when those services rotate keys or disappear, it can be difficult to validate their old signatures.