N.B. I'm aware that the author's goal was very different from mine. The criticisms I will mention are more addressed to myself than to his work.
This history is an interesting one as it starts with the invention of SMTP in 1981, 10 years before PGP's invention, and situates its invention with the 1991 Senate Bill 266 to ease electronic surveillance. Major historical events (the release of different versions of the program, the publication of alternative competitors such as S/MIME or OTR, as well as vulnerabilities, e.g. Efail) are mentioned. There are also many criticisms that are mentioned and dated back in time.
However, several elements are missing in my opinion:
- A clear definition of what PGP is: a software program, a standard, or still something else? Or rather, a historical view of how the script of this object has changed over the years, to become several kinds of things. In this article, it is implicit that we talk about the standard, but the history of the standardization process is missing and PGP is much more than only a standard for E2E encryption of email communication.
- There is also very little information about the people behind this history. Zimmermann is the only contributor to be mentioned. It is important to note the importance of other people, such as Schumacher in Norway in the 90s, Koch in Germany since 1999, and others.
- Very few institutions are mentioned. What roles have the IETF, the MIT, or other organizations/institutions (also national agencies) played in the history of PGP?
- The types of events that are mentioned could be broadened and more detailed. Release of new versions, discoveries of vulnerabilities, changes in the laws or policies, beginning of collaboration with institutions (MIT, Germany's BSI), etc.
- The infrastructures that underlie this technology are also missing in this history. What about key servers for instance? Or the very email infrastructure and its development?
- The ideologies underlying the work around this technology are also missing: for instance, why was PGP invented at all? Is it important to know that Zimmermann was a political activist? If yes, why? What about the Web of Trust?
- More fundamentally, I think there is too little emphasis on the mundane and almost invisible work of maintenance that punctuates all histories. Many people are working on or with the standard, with very different goals (only authentication stuff, secure email service providers, and so on). Where are these people? Why don't they have a voice in this history?