Interoperability with OpenPGP crypto-refresh

Werner Koch wk at gnupg.org
Wed Feb 1 18:40:27 CET 2023


Hi Kai,

On Wed,  1 Feb 2023 17:13, Kai Engert said:

> specification. However, IIUC the GnuPG developers have concerns about
> the changes that are being considered in that specification, and IIUC

No, we have no concerns; we will simply not implement the recently
heavily changed "crypto refresh".  These changes were done despite the fact that
the two major OpenPGP implementations had deployed the rfc4880bis (aka
“old crypto refresh”) changes years ago after having done interop
testing between these implementations.  In fact we deployed the code in
the common and long tested way of first having the changes in the
read-part deployed and only later to enable the write-part of the
changes.

The recent changes in the “new crypto refresh” introduced a new level of
complexity mainly to support the fragile and easy-to-get-wrong GCM
encryption mode.  There is already now no more need for GCM because the
patent on the way better and more secure OCB mode has been waived.  Even
for years royalty free licenses were granted in almost all domains and
for all open source implementations for the OCB mode.  Which GnuPG and
RNP deployed years ago.

Complexity is the worst enemy of security and OpenPGP is already complex
enough.  It is a Bad Idea to add extra complexity in whatever form.  I
strongly advise not to follow the path the IETF OpenPGP design committee
has taken recently.  The X.509 committee-designed trouble should be
enough of historic evidence to be warned.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein