v5 vs v6 consequences

Kai Engert KaiE at kuix.de
Sat Sep 13 13:11:11 CEST 2025 

On 9/13/25 06:27, Jacob Bachmeyer via Gnupg-devel wrote:
> Do I correctly gather that LibrePGP defines v5 and RFC9580 defines v6? 
> If so, where is the problem?  What prevents both of those from co- 
> existing and implementations eventually supporting both?

It creates additional complexity for key management and group conversations.

Despite your suggestion, some implementations might chose to one of the 
specifications.

If Alices wishes to be compatible with everyone, including those who use 
software that implements one specification, would be required to own 
personal key pairs for both v5 and v6.

Alice will have to ensure that both of her keys are published and 
discoverable.

When Alice sends an email Bob to bootstrap an encrypted conversation, 
without knowing what software Bob uses, Alice would have to attach both 
her v5 and her v6 keys.

Now let's say Alice uses software that supports both v5 and v6, and Bob 
uses software that supports v5, only, and Charlie uses software that 
supports v6, only. That means there is no v5 key for Charlie, and no v6 
key for Bob.

Alice wants to send an encrypted message to both Bob and Charlie. She 
cannot send a single email that would work for everyone that uses the 
latest secure mechanisms.

Either Alice's MUA must fall back to the older, less secure mechanisms 
that are supported by both specs.

Or, to use modern mechanisms, Alice's MUA must construct two separate 
messages, one to Bob using LibrePGP mechanisms, and another one to 
Charlie using IETF OpenPGP mechanisms. Now, Bob wishes to reply to the 
whole group. But Bob cannot find a public key for Charlie that's 
compatible with Bob's software. As a result, Bob cannot send an 
encrypted reply to Charlie.

That dilemma is the reason why there is ongoing work on the 
replacement-key specification. It could allow software that supports 
only one of the specs to also generate a separate backwards-comaptible 
key. Charlie's software could generate a v4 key in addition to the v6 
key, and add meta information that links the two, and publishes both.

When Alice's MUA detects that there's only a v6 key for Charlie, but no 
v5 key for Charlie, she could include the v4 key that's linked from the 
v6 key into the gossip part of her outgoing email, too. That could allow 
Bob to notice that key and use it.

Let me know if I'm missing easier ways to handle the schism.

Kai

More information about the Gnupg-devel mailing list