Quantum computers that are able to break classical cryptography are generally expected to appear in the coming decades. To prevent encrypted emails from being decryptable by an attacker at that point, we need to start using post-quantum cryptography as soon as feasible.

To that end, we're standardizing the use of post-quantum cryptography in OpenPGP. In addition, for long-term storage and archival, we're standardizing the use of persistent symmetric keys, which allows for more efficient encryption, while still being post-quantum secure as well.

In this talk, we'll present the state of the standardization and implementation efforts, and discuss how the transition might affect applications using OpenPGP, as well as their end users.