There's no need for that.

The choice between ChaCha20 and AES can be left to the clients with the "PrioritizeChaCha" option. On both OpenSSL and BoringSSL, likely similar options are available with other libraries as well. Anything else such as not enforcing any preference is unnecessary.

> Not only can it do all the ssh-agent operations

It can not. Doesn't work with PKCS#11 PIV. In general GPG's behavior with SmartCards is idiotic and interferes with many other applications.

It's good that people don't use GPG more often and I can just purge it from my systems.

What do you mean? I use GPG with SSH (or SSH with GPG) all the time, and I need gpg-agent for that. GPG's agent replaces ssh-agent and serves SSH keys derived from your GPG key.

Can you do this with Age? If not, then I am going to stick to GPG.

I'm unsure what was unclear. It simply does not provide PIV support and it interferes with other software that wants to utilise SmartCards.

Can Age interfere with all SmartCard usage? No clue.

Oh well, let us just agree on that comparing Age to GPG is silly, ergo "Switching from GPG to Age" is silly, unless it is "Switching from GPG to Age for file encryption".

Age doesn't do signing, key infrastructure, or email. Minisign/signify only sign. None are GPG replacements. They're partial feature subsets that are simpler because they do less.

So, to summarize these tools:

- Age: Only does file encryption, no signing, no key management infrastructure, no email integration

- Minisign/Signify: Only signing, no encryption

- GPG: Encryption, signing, key management, email integration, multiple recipients, subkeys, revocation certificates, web of trust (even if unused), smart card support, etc.

You cannot just simply switch from GPG to Age unless you are only doing file encryption. If this is the case, then sure, you can.

It's actually not that reliable either given a bit of effort. Only their paid offerings actually give you tools to properly defend against intentional attacks.

I would assume that an LLVM backend is created for new chips and then C is not the only thing getting support. There's very little point in just supporting C in that sense.

Don't worry, it's also probably going to come to other MUAs: https://www.rfc-editor.org/rfc/rfc9078.html

If it become standardized, it would be less annoying: you wouldn't receive shallow emails telling you that someone added an reaction to your email.

You would receive _something_ that your client could manage or drop.

Oh yes, absolutely. I just suspect that the author of the blogpost wouldn't want even standardised reactions.

My MSM560 that's approximately 15 years old can do >700Mbps with a 13 Pro. If you're getting less on newer hardware something is terribly wrong.

Most software and CDNs also don't utilise fast connections properly. It's kind-of a chicken and egg situation where hardware doesn't improve because customers don't demand it because software and services can't handle it (and you can start from the beginning).

It is very slowly improving, but by far the fastest widely used services I've seen are a few gacha games and Steam both downloading their updates. Which is rather sad.

Windows Update is slow, macOS update is abysmally slow, both iOS and Android stores also bottleneck somewhere. Most cloud storage services are just as bad. Most of these can't even utilise half a gigabit efficiently.

> If coding is careful and the code is review - there is no technical debt, or perhaps I should say no more than the unsafe parts of a rust codebase or the standard libraries. And the safety of critical infra code written in C gets _better_ over time, as such technical debt is repaid.

How many decades have we tried this? How many more to see that it just hasn't panned out like you describe?

When was GnuPG audited and by whom?

None of the models I've seen can actually do proper timing. It's all idiotic.