Infrastructure support for GnuPG post-quantum keys

[have at anonymous.sex]

On Tue, 7 Jan 2025 00:32:36 -0500, Robert J. Hansen 
<rjh at sixdemonbag.org> wrote:

>IIRC, Autocrypt specifies a way for public keys to be transferred in 
>an email header that's parsed by Autocrypt-aware clients and not 
>rendered or acted upon by non-aware clients. Seems like the best thing 
>going right now.

Thanks for the suggestion.  I see your headers.  The last time that I 
tried to get Autocrypt working, it failed due to my unusual local 
configuration (probably not an Autocrypt issue).  I should try again.

In the interim, I placed some new headers in my mail to give people (a) 
alleged fingerprints, (b) an alleged last-modified hint to help clients 
keep it refreshed, (c) a pointer to my key (albeit not here one I can 
update), and (d) a brief advocacy message for humans.  I dislike the 
abbreviation that I used, but I wanted to make my v5 fingerprint fit on 
one line in a standard 80-column terminal.

Perhaps there should be a standard for such header lines, which MUAs can 
automagically parse and use without inclusion of the full key in the 
header of every message.  Perhaps there already is, and I don’t know?

**Note to users who trust too much:**  These header lines are 
unauthenticated, and MUST NOT be treated as verified information.  My 
intended threat model here is like Autocrypt.

-- 
# Remember these on Wednesday, January 15, 2025:
https://web.archive.org/web/19971024171609/http://www.eff.org/blueribbon.html
https://web.archive.org/web/19971114041230/http://www.eff.org/pub/Legal/Cases/ACLU_v_Reno/19970626_eff_cda.announce
https://www.supremecourt.gov/search.aspx?filename=/docket/docketfiles/html/public/23-1122.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 297 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/9daf96a2/attachment-0001.sig>