I can't seem to find any up-to-date documentation on how to deploy DNS
PKA records for use with `auto-key-locate`. I tried `gpg
--export-options export-pka --export` and pasted those records directly
in DNS, and yet when I use `--auto-key-locate pka`, I get:
error retrieving 'r...@rmf.io' via
There's an important distinction to be made between using this approach
and using a SmartCard. The encrypted USB drive approach leaks the keys
into the machine you're using it from; they're accessible by simply
reading the filesystem (thus the claim that "When you unplug the USB,
your keys are gone
