I was doing end-of-the-year security housekeeping and figured it was time to generate a new GPG key with modern defaults. After looking into the model of a main key stored offline (like in a fire safe) and only using subkeys locally, I decided it wasn’t worth the effort. The reality is I almost only use these for signing GitHub commits. 🤷
The cypherpunk fever dreams of key signing parties and a robust web of trust feel pretty far away. Even Keybase is no longer mentioned. We’ll continue to solve this in different ways.
At any rate, my transition statement is linked here and included below.