
But OpenPGP detached signatures, which are isolated and do not depend on transport protocols (TLS), defend you from all those kinds of MitM attacks, because they are point-to-point (directly from developer to end-user), without depending on any third party (like CAs issuing TLS certificates, DNSSEC providers, intermediate DNS proxies that must not strip DNSSEC off, and so on).


Except when the user sees the author's public key for the first time and downloads it from the same site. Key distribution sucks ....


Exactly. Even the famed homakov's company delivers keys via HTTP: http://sakurity.com/contact. This BS about HTTPS providing the illusion of security is nonsense. It's much harder to even do a protocol downgrade attack (and we have HSTS lists for those!) than it is to replace a single endpoint or key of an HTTP connection.


For example, the http://www.cypherpunks.ru/pygost/Download.html page contains instructions on how to receive the key. You can get it using the mailing list, website, DNS, or keyservers. And you can use various DNS servers and transport routes via Tor. There are plenty of options. And this key is signed with another one containing many signatures. Of course there are no full guarantees, but at least you have to do it just once and can then conveniently verify tarballs. With TLS you have to do it every time, whenever you visit and connect to the server.

Moreover, how can you "transfer" the trust to other people? If you proxy/give a tarball to someone else, then how can you prove that you did not tamper with it? Again, with detached signatures, people who know the public key can authenticate it without connecting to the Internet. With TLS there is only a single distribution point (the TLS website) that cannot transfer trust to someone else.

What CA should be used for certificate issuing? A paid one? Not an option if you do not want to support the PKI business model (it is business, not security). CAcert.org? Modern browsers and operating systems do not include its certificate either. So anyway you have to get its public key somehow too.

So, TLS has the same problem of getting the public key and is less convenient to use, requiring a TLS-aware webserver (instead of cheap providers with static page hosting), without the ability to transfer trust (send the signature separately) to someone else. OpenPGP keys (for www.cypherpunks.ru websites), compared to CA ones, can be received from several (!) keyservers (many of which replicate between themselves), several (!) DNS servers (listed as NS records), through various transports (VPN, proxy, Tor) to one of the webservers (listed as A/AAAA records).


That was my point. How do you know the pub key is not tampered with? Come to think of it, is meeting in person the only reliable way to reliably exchange keys?


Perhaps, but it depends on your needs.

When using PGP, you have to decide how much you trust each key. All that PGP does is enforce your trust preferences.



