Eh. You don't really get to do this sleight of hand. If you're gonna rag on RSA support as a shibboleth for bad design, it's bad for GPG and bad for age. If it's direct evidence of bad design, age shouldn't have permitted it via their SSH key support.
I agree in principle, but I'm not looking at "what SSH dragged in". I'm looking at age as a pure isolated thing, according to the spec: https://github.com/C2SP/C2SP/blob/main/age.md
This transparency keyserver actually gives us an excellent opportunity to measure how many people use Curve25519 vs RSA, even with SSH support.
We should contrast this with actively valid public keys on a PGP keyserver in 2026 and see which uses modern crypto more. The results probably won't be surprising ;)
We've moved from "PGP supports RSA. That's enough reason to avoid it." to "We should contrast this with actively valid public keys on a PGP keyserver in 2026 and see which uses modern crypto more".
