@jarkko TLS in OpenSSL, GnuTLS, NSS are done, Go has key exchange shipped, signatures following soon.
OpenPGP just dropped a new RFC and @sequoiapgp has a branch. GnuPG will do something incompatible, so switching to a better implementation is probably in order.
Kernel either has a verification of ML-DSA signatures pending or already merged.
Beyond that, not much. Oracle promised something in Java second half of this year.
@jarkko for CAs for TLS, it seems Merkle Tree Certificates will be the way to go, but nobody has support for those yet and the standard isn't done.
@jarkko oh, and SSH also has key exchange already, both in OpenSSH and libssh. Signatures are currently being discussed in the IETF SSH WG.
@jarkko @neverpanic @sequoiapgp yeah can we instead of/in addition to PQC have a post-GPG cryptography?
@jarkko @sequoiapgp @vbabka There's still room for improvement, but given that we're looking for an alternative to put into RHEL 11, we're planning to take a swing at it over the next year or two.
@jarkko @sequoiapgp @vbabka No idea about offline root keys, maybe @nwalfield knows. Smartcard support exists but needs some more polishing.