v5 vs v6 consequences

Steffen Nurpmeso steffen at sdaoden.eu
Sat Sep 13 17:59:12 CEST 2025 

Kai Engert via Gnupg-devel wrote in
 <d773b40c-30cc-4751-8c23-b600a2e9dda7 at kuix.de>:
 |sorry, there were two missing words here:
 |
 |On 9/13/25 13:11, Kai Engert wrote:
 |> Despite your suggestion, some implementations might chose to 
 |
 |... implement only ...
 |
 |> one of the 
 |> specifications.

Wasn't the process unfair then given that certain implementations
created keys for years of an anticipated format that then did not
became reality?

Granted, as a non-crypto non-mathematician (the latter as a
conscious decision at some age), the librepgp web page reasoning
bullet list does not thrill me, it was written for specialists.
But that often prodded for comparison report i also did not
truly get, given that the major vulnerability seems to refer to a
"v3 key" concept that Werner Koch rejected with "v3 key is not
supported" on the ML, which i found not reproduced in the report.
In fact i personally found the report, that i only glanced over
and read in a hurry, well my impression was that of a "biased
flight over some topic".  Maybe involved people should never
write such a report, it is a characteristic of quality journalism
to be able to step back, and write an objective article with a
comprehensive (enough) context.  Was actually what i thought.

Granted also that it seems one side took certain steps as one
would do it who has to keep a business going, anyone who had
that, possibly even at a low financial comfort level, knows
this is a treadmill: decisions have to be made quickly, however
risky they may be, often "out of the gut", and then you have
to "take this reality" and go with it.  And in such a context,
some peculiar little things just do not really matter, i think
for example of algorithm OIDs i think it was, here possibly more
communication would have been the optimum, but i actually have
forgotten about the context, ie, how much that actually taken
"OID" hurts.  I bet it was just a "we need an OID; here is an
OID", and that was it about it, and if seen in such a light,
having had a communication on it is outstanding even, that much
is eh, true.

In any event it is easy (let aside much easier) to come from a
saturated environment and simply do not care about a quarter of a
century, as was already heard in this thread.  This is 25 years,
and, as was also already heard, maybe certain people will have
opened their eyes if, indeed, 25 years of further adult life
have passed.

Personally i also think it is debatable whether "open and public
process"es always are truly open and public.  I cannot comment on
this very process here, however.  But i have watched, from the
times when European films had some value, for example "Endstation
Schaffott" ("Deux hommes dans la ville"), and that really moved me
deeply enough to remember it fourty years later.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the Gnupg-devel mailing list