gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
<{^_^}> nixos-homepage#480 (by mweinelt, 2 days ago, open): Migrate the security teams GPG key download to keys.openpgp.org
<gchristensen> hexa-: is there something other than gpg I could use?
<hexa-> gchristensen: with email or in general?
<gchristensen> instead of a gpg key on the security team page
<hexa-> Yikes
<hexa-> Nothing is as universal as email
<gchristensen> I mean, I'm fine with receiving email
<gchristensen> my impression is the BSD folks have been leading the pack moving away from GPG
<hexa-> And you obviously want public key crypto so you can preshare your pubkey
<gchristensen> yeah
<gchristensen> but this remains their reporting policy, meanwhile Filippo Valsorda also loves to dog on GPG and implement tools I like (like age) and suggests there are ready and convenient alternatives
<gchristensen> so then I'm left wondering, why have they stuck to gpg for this
<hexa-> There is age by Filippo Valsorda, but it's nowhere near as integrated anywhere
<gchristensen> yeah
<hexa-> Ah, I'm on mobile
<hexa-> And therefore slow 😄
<gchristensen> ahh sorry to rush you :)
<hexa-> I could've chosen to reply later 😃
<hexa-> So it's the integration story that is lacking
<hexa-> You can publish your age pubkey, but the medium would be unclear I guess
<hexa-> There is also saltpack which I like a lot, but that's even less integrated anywhere but on keybase
<gchristensen> the integration would be a convenience for the sender
<gchristensen> since I have no such integration
<hexa-> And then there is the messenger category, which imo is a poor transport for these kinds of things
<gchristensen> oh I got the attention of emaste. cool.
<gchristensen> I don't feel responsible enough to have a pgp key
<hexa-> Does anyone?
<gchristensen> I feel it is sort of a litmus test for "should I trust your pgp key?" if you say yes, I shouldn't
<hexa-> I'm just saying it's not very user friendly.
<gchristensen> me too :)
<hexa-> My rsa2048 key is from 2010 and I should really retire it for something more modern, but alas I'm hesitant because it's very well distributed 🙈
<gchristensen> a significant problem
<hexa-> It's a hassle
<qyliss> My key will expire in a month, and there's nothing I can do about it because the master key is on a Yubikey 1000 miles away, which I can't really get to because of the virus
<qyliss> Not a threat model I considered when I set things up :P
<Valodim> phew, that's a tough one :)
<qyliss> I might arrange to have it mailed to me
<qyliss> But if it gets lost in the post then that's that
<qyliss> Or, maybe I have a backup somewhere?
<qyliss> I don't actually remember
<Valodim> the primary key is only as valuable as the operations it performs itself. offline primary keys aren't as useful as one might think
<Valodim> for typical users who don't sign keys for WoT purposes, the set of those operations will be only the management of subkeys. and those in particular don't really count because if any subkey is lost for whatever reason, it's not really an option to rotate those and keep using the same primary key
<gchristensen> I'm not sure it is worth trying to discuss if the base-line "PGP has problems" isn't even there
