Interoperability with OpenPGP crypto-refresh

Andrew Gallagher andrewg at andrewg.com
Thu Feb 2 15:49:05 CET 2023


On 2 Feb 2023, at 08:31, Kai Engert via Gnupg-devel <gnupg-devel at gnupg.org> wrote:
> 
> I'm asking the OpenPGP community to work together and find a standard that works for everyone.

I’d like to whole-heartedly second this. It is not only client software that will be forced to make unpalatable decisions if the standard forks, but also keyservers.

Hockeypuck relies heavily on Protonmail’s fork of gopenpgp. Protonmail are invested in crypto-refresh and will certainly implement the new RFC when it is finalised. Hockeypuck does not have the developer resources to maintain yet another fork of gopenpgp, and so will have little choice but to track upstream. This would mean that the vast majority of synchronising keyservers, including keyserver.ubuntu.com <http://keyserver.ubuntu.com/> (gnupg’s default keyserver), would not be able to handle v5 keys created by gnupg. Hagrid's dependency on sequoia-pgp means that keys.openpgp.org <http://keys.openpgp.org/> would also similarly be unavailable, leaving gnupg users without a reliable keyserver service. Conversely, keys created using the new RFC could not be processed by gnupg-wks-server, potentially forcing individual users to conform to a domain-wide policy re the split.

This is not simply a case of a standard forking, because neither side ends up owning sufficient share of the pieces to rebuild a functional ecosystem. This prospect is IMO unthinkable, and would set OpenPGP back by many years, with potentially irrevocable consequences. I don’t believe that the technical disagreements are insurmountable if there exists sufficient political will to bridge the gaps.

A
