The 2026 OpenPGP Email Summit: Key Developments in Encrypted Email

The OpenPGP Email Summit is an annual gathering for developers, researchers, and advocates working on encrypted email technologies. The tenth edition, held in March 2026, brought together the community to discuss the latest advancements and challenges. The published minutes reveal significant progress on several fronts, including post-quantum cryptography, ubiquitous email signatures, forward secrecy, and domain governance. Below are the key takeaways from this pivotal event.

What is the OpenPGP Email Summit and when was the tenth edition held?

The OpenPGP Email Summit is a regular meeting that brings together experts and enthusiasts focused on advancing encrypted email technologies. It serves as a collaborative forum for sharing updates, discussing roadblocks, and planning the future of secure communication. The tenth installment took place in March 2026, continuing a tradition that began with the aim of strengthening OpenPGP and related standards. The recently published minutes offer a comprehensive overview of the discussions and decisions made during the event, highlighting the community’s commitment to evolving email security in an era of emerging threats.

What progress was made on post-quantum cryptography at the summit?

Post-quantum cryptography (PQC) was a major highlight of the 2026 summit. Several actors in the OpenPGP ecosystem announced plans to roll out PQC support within the year. These initiatives aim to protect encrypted emails against future quantum attacks, which could break currently used public-key algorithms. The discussion focused on integrating quantum-resistant algorithms such as CRYSTALS-Kyber and Dilithium into OpenPGP implementations. Participants also addressed interoperability challenges and the need for a smooth transition path for users. The summit marked a concrete step towards making PQC a practical reality for email encryption, with multiple projects aligning on timelines and testing frameworks.

How is the summit working to make OpenPGP email signatures ubiquitous?

A promising new approach for making email signatures widespread was discussed at the summit. The goal is to make OpenPGP signed email a default setting in major email clients, thereby boosting authenticity and trust without requiring user intervention. The plan involves simplifying the user experience and integrating signature verification seamlessly into existing workflows. By lowering the barrier to adoption, the community hopes to increase the number of signed emails significantly. This initiative builds on earlier standards like Autocrypt and aims to create a more secure email ecosystem where signatures become the norm rather than an optional feature.

What is the new draft offering reliable deletion or forward secrecy for OpenPGP?

A notable development from the summit is a new draft specification that introduces reliable deletion capabilities—often referred to as forward secrecy—to OpenPGP. This feature ensures that if an attacker gains access to a user’s long-term secret key at some point in the future, they cannot decrypt previously captured encrypted messages. The draft proposes mechanisms to create ephemeral session keys and to regularly discard old key material. Discussions at the summit covered practical implementation aspects, including how to maintain compatibility with existing OpenPGP systems. This addition addresses a long-standing limitation and strengthens the protocol's promise of confidentiality over time.

What are the plans for transferring ownership of the OpenPGP.org domain?

The summit also addressed the governance of the OpenPGP.org domain, which serves as a central online resource for the community. A plan was presented to transfer ownership of the domain from its current maintainer to a more representative body, such as a foundation or a consortium of stakeholders. This move aims to ensure long-term stability, prevent a single point of failure, and align the domain’s administration with the broader interests of the OpenPGP ecosystem. Participants discussed legal and financial aspects, as well as the timeline for the transition. The decision reflects the community's desire to decentralize control and foster collaborative stewardship of key infrastructure.

How does the summit foster collaboration among encrypted email developers?

The OpenPGP Email Summit provides a unique opportunity for developers from different projects and organizations to meet face-to-face, share experiences, and coordinate efforts. The 2026 edition featured working sessions, brainstorming on interoperability standards, and discussions on common challenges like key management and user experience. The informal setting encourages networking and the formation of ad hoc working groups that continue to collaborate throughout the year. Minutes from the summit serve as a permanent record of decisions and action items, helping to maintain momentum. This collaborative environment is crucial for the fragmented landscape of encrypted email, ensuring that diverse implementations can evolve together while maintaining compatibility and security.