
The government thinks it still is.



PGP's biggest weakness was that it was too early. There was no normal user accessible software available. No regular person was going to establish the web of trust or use command line utilities.

So now we have easy, strong encryption and the keys are controlled by...someone. Definitely not the user, though.

Funny story - even Phil Zimmermann can't use PGP: https://twitter.com/josephbonneau/status/638772283713060864 So maybe it is just a hard problem.


No, PGP's weakness is that the Web of Trust is an unworkable solution for the general population for key exchange. It works fine for you and your circle of crypto nerds, but as a general solution it's impossible.

IMHO this is a case where perfect was the enemy of good. Many possible solutions were rejected because there was a possibility that someone could MITM your first contact, even though in the real world this is unlikely. The key registries were almost a solution but none of them ever gained enough traction to be a default solution and mail clients were strangely hesitant to incorporate them even when they did implement PGP.

PGP was always half of the solution. Sadly they never figured out the other half. Microsoft almost got it working with Exchange, but even then it usually only works on a single domain at a time. You can't encrypt an email to someone at a different company even if they are using Exchange.


Web of Trust is a perfectly fine system but UI-wise a total disaster. There's also the reality that what most people need most of the time is a web of trust that includes government agencies, banks and other major institutions.

For the vast majority of useful communications for users, your web of trust ideally goes You -> Government ID Agency <- Recipient. And that's fine - that's what people actually need. People get scammed or deceived by faking those credentials.


Having to physically meet people to exchange long hex strings was never going to scale.


No but that's the point: you do have to physically go to the DMV, or the bank, quite frequently. And for most people, the important point to point communications are interactions you want validated against those entities.


Web of Trust mixes two kinds of trust.

If my mom gives me her public key, I trust that it is her public key. If my mom signs some other person's public key - I really don't know how much I trust that. Trusting that somebody is who they say they are is not the same as trusting them to properly vouch for another person.
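The distinction drawn in the comment above (a key being valid versus its owner being trusted to vouch for others) is an added example here, not part of the thread: a simplified classic-PGP trust calculation using GnuPG's default thresholds (completes-needed 1, marginals-needed 3, max-cert-depth 5). The function name, key names and signature sets are constructed for illustration.

```python
# Added example (not from the thread): simplified classic-PGP trust calculation.
# Thresholds are GnuPG's defaults; all names and signatures are constructed.
FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5


def valid_keys(me, signatures, owner_trust):
    """Return {key: depth} of keys `me` may treat as belonging to their owner.

    signatures  -- set of (signer, signee): signer certified signee's key
    owner_trust -- {key: FULL | MARGINAL}: how far `me` trusts that owner
                   to check identities before signing (unset = not at all)
    """
    valid = {me: 0}                      # my own key is ultimately trusted
    signees = {signee for _, signee in signatures}
    for depth in range(1, MAX_DEPTH + 1):
        newly_valid = []
        for key in sorted(signees - set(valid)):
            # Only signatures made by keys already known to be valid count,
            # and only as much as I trust that signer to vouch for others.
            signers = [s for s, k in signatures if k == key and s in valid]
            full = sum(s == me or owner_trust.get(s) == FULL for s in signers)
            marginal = sum(s != me and owner_trust.get(s) == MARGINAL
                           for s in signers)
            if full >= COMPLETES_NEEDED or full + marginal >= MARGINALS_NEEDED:
                newly_valid.append(key)
        if not newly_valid:
            break
        valid.update((key, depth) for key in newly_valid)
    return valid


# I checked mom's key in person; mom signed a stranger's key.
SIGS = {("me", "mom"), ("mom", "stranger")}
# Three acquaintances I verified myself, each of whom signed dave's key.
SIGS_3 = {("me", a) for a in "abc"} | {(a, "dave") for a in "abc"}

if __name__ == "__main__":
    print(valid_keys("me", SIGS, {}))             # mom's key valid, stranger's not
    print(valid_keys("me", SIGS, {"mom": FULL}))  # stranger's key valid at depth 2
    print(valid_keys("me", SIGS_3, dict.fromkeys("abc", MARGINAL)))
```

With no owner trust assigned to mom, her key is valid but her signature on the stranger's key counts for nothing; validity and vouching are tracked separately.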


This is still a UI problem though more than any other: Web of Trust stored and it could have displayed the actual verification chains, and set up some decent defaults based on that - i.e. "Government", "Bank", "Personally Verified", "Friend of a Friend" - all of this would be easy to communicate via what keys signed what exactly who you were dealing with.

This even leads to a logical DNS integration: debian.org advertises the core group of keys which should verify people on that address via DNS, and it shows up as "DNS-only" or something.

Good crypto frequently undermines itself by trying to be adversarial to the whole concept of government or big companies (look at TLS - it succeeded because it's the antithesis of this) but those are the primary users and coordinators that can drive adoption.

I have this complaint with Signal right now: if Signal wanted a legitimate funding source, they should sell a "verified Signal" service to let companies subscribe to use Signal as an alternative to SMS providers - my father wants to do this for his small business right now, to replace the SMS bulk sender and be able to send larger files to people securely.

Instead we've got whatever cryptocurrency ridiculousness.


This is the reason Friendster failed. Friending someone automatically made you a friend with all of their friends, even the ones that were jerks or you had never met.


Notably, in recent hosted versions of Exchange that has been resolved since they can use Azure AD to authenticate across tenants, and if you don’t have Office 365 you can make a temp account in their tenant when you click on the link to see the email. It works fine (unless you’re still on-prem for email).


I fundamentally disagree with you that web of trust is hard.

There are much harder problems solved in easy to use ways, there’s just very little financial gain for this problem.

