I assume once it's stabilized you'd swap the `go run` for just installing and using a binary, similar to what you're already doing with age.

Honestly not sure why I didn't do that once the tool had stabilized.

Switched to

    go install filippo.io/torchwood/cmd/age-keylookup@main
    age -r $(age-keylookup alice@example.com)

age is designed to be composable and very stable, and this shell combination works well enough, so it's unlikely we'll build it straight into age(1).

Offtopic but I really appreciate golang and so I am always on the lookout of modern alternatives and I found age and I found it to be brilliant for what its worth

But I was discussing it with some techies once and someone mentioned to me that it had less entropy (I think they mentioned 256 bits of entropy) whereas they wanted 512 bits of entropy which pgp supported

I can be wrong about what exactly they talked about since it was long time ago so pardon me if thats the case, but are there any "issues" that you know about in age?

Another thing regarding the transparent servers is that what really happens if the servers go down, do you have any thoughts of having fediverse-alike capabilities perhaps? And also are there any issues/limitations of the transparent keyserver that you wish to discuss

Also your work on age has been phenomenal so thank you for creating a tool like age!

> But I was discussing it with some techies once and someone mentioned to me that it had less entropy (I think they mentioned 256 bits of entropy) whereas they wanted 512 bits of entropy which pgp supported

> I can be wrong about what exactly they talked about since it was long time ago so pardon me if thats the case, but are there any "issues" that you know about in age?

Entropy bikeshedding is very popular for PGP / GnuPG enthusiasts, but it's silly.

age uses X25519, HKDF-SHA256, ChaCha20, and Poly1305. Soon it will also use ML-KEM-768 (post-quantum crypto!). This is all very secure crypto. If a quantum computer turns out to be infeasible to build on Earth, I predict none of these algorithms will be broken in our lifetime.

PGP supports RSA. That's enough reason to avoid it.

https://blog.trailofbits.com/2019/07/08/fuck-rsa/

If you want more reasons:

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/

> PGP supports RSA. That's enough reason to avoid it.

I hate to break the narrative but age also supports RSA, for SSH compat:

https://man.archlinux.org/man/age.1#SSH_keys

That's only because SSH supports RSA. Mainstream usage of age with age public keys only supports X25519.

Eh. You don't really get to do this sleight of hand. If you're gonna rag on RSA support as a shibboleth for bad design, it's bad for GPG and bad for age. If it's direct evidence of bad design, age shouldn't have permitted it via their SSH key support.

I agree in principle, but I'm not looking at "what SSH dragged in". I'm looking at age as a pure isolated thing, according to the spec: https://github.com/C2SP/C2SP/blob/main/age.md

This transparency keyserver actually gives us an excellent opportunity to measure how many people use Curve25519 vs RSA, even with SSH support.

We should contrast this with actively valid public keys on a PGP keyserver in 2026 and see which uses modern crypto more. The results probably won't be surprising ;)

Those goalposts are really agile.

We've moved from "PGP supports RSA. That's enough reason to avoid it." to "We should contrast this with actively valid public keys on a PGP keyserver in 2026 and see which uses modern crypto more".

We aren't having the same discussion in both places, so no, it's not a fucking goalpost.