Infrastructure support for GnuPG post-quantum keys
Vincent Breitmoser
look at my.amazin.horse
Mon Jan 6 10:53:43 CET 2025
Hey there,
fair points here, for users who don't see value in certificate discovery
via verifying keyservers. I would argue it's not universally agreed
upon: We did see 60k newly verified email addresses on keys.openpgp.org
in the last year though, adding to a total of half a million or so.
> For initail key discovering (lookup) there are better methods:
>
> - Send the key with your initial may and start to build up trust.
> (after all there must be some reason that you trust a mail address)
>
> - Send the key along with the initial signed message by using the gpg
> option --include-key-block. This does not even require mail.
>
For both of these options, do you think PQC-sized public keys might
become a challenge?
Cheers
- V
More information about the Gnupg-users
mailing list