1) Key rotation can solve the second part of this.
2) Key rotation solves this, but you lose the ability to read old messages yourself. If you don't have the keys anymore you can't view the message.
3) This isn't unique to PGP? Or do you have an alternative? Because plaintext is infinitely less secure in this regard.
4) Depends how you determine trust of a user. In an ideal world you'd be correct. But I trust the person I've known for nearly 6 years is them when I signed their key, though we've never met IRL. Very possible it isn't them but is also astronomically slim of a chance.
Key rotation makes the WoT even more complicated and less trustworthy. That's a big problem.
Proving you're you is great if you're, say, Canonical distributing package updates to Ubuntu, where the adversary is malware distributors.
But where your adversary is, e.g., the FBI, then it promotes a false sense of assurance, because it's actually really easy to spoof someone if you can arrest them and force them to give the key password.