Interoperability with OpenPGP crypto-refresh

[Christoph Anton Mitterer]

On Thu, 2023-02-02 at 09:31 +0100, Kai Engert wrote:
> If a significant amount of Thunderbird users wants to exchange
> messages 
> with users of GnuPG, then Thunderbird must not send messages that are
> incompatible with GnuPG.
> 
> In the same way, Thunderbird must not send messages that GnuPG 
> understands, but that other major implements of OpenPGP cannot
> understand.

Well that's what the open standardisation processes would have been
there for.

GnuPG, just as any other stakeholders, had (and I guess still have) the
chance to participate.
When the competing draft arose, numerous voice in the WG expressed the
wish for GnuPG to "come back" and work on areas of conflict.

If it left that processes to continue on it's own, well fine, but there
cannot be any expectation that all others follow.

Standardisation is also always about making compromises, and not about
the biggest stakeholder wins.


> Today, my opinion is, I don't want Thunderbird to pick one of the
> sides.

Which ultimately means that users of TB would still suffer
compatibility issues (with any user of incompatible new stuff from
either the standard or GnuPG) ... plus not getting any of such
modernish stuff (especially AEAD).


> I'm asking the OpenPGP community to work together and find a standard
> that works for everyone.

Well that surely would be the best, but from what one could have read
so far from representatives it doesn't seem as if that's going to
happen.
There is apparently enough desire in all that what the crypto-refresh
adds and what draft-koch-openpgp-2015-rfc4880bis-00 doesn't have, that
all it's proponents (which seemed to be a majority on the list - except
GnuPG) don't want to throw away >year of work.
And GnuPG seems to have also chosen it's path, at least from what one
could have read so far.

In the end we may just see both competing standards die and maybe
OpenPG with it.


Cheers,
Chrs.