Plan B - Who carries the torch?

Robert J. Hansen rjh at sixdemonbag.org
Sat Jan 2 22:55:49 CET 2021


> I assume the following: Werner is globally known as the author of
> GnuPG and it is generally accepted that GnuPG is a defacto security
> standard globally besides S/MIME when it comes for example to private
> email communications.

No.  OpenPGP is; GnuPG is just one implementation of the OpenPGP
standard.  There are others.

> in their twenties so that it can be assumed, when in 10 years Google
> and IBM have Quantum Computers, which make our classic encryption
> like
> ECC probably useless that then people may have a problem.

Quantum computing has been ten years away since 1992, which is when I
first heard about it.  I would be extraordinarily cautious about
believing the hype.  Getting enough qubits together to form the
necessary quantum logic is only a very small part of the overall
picture.  Read up on Grover's algorithm sometime, and think about just
how unreasonable the requirements are: they're so unreasonable as to
make the prospect of breaking crypto via Grover's actually _slower_
than the classical way.

> I assume the worst case scenario that when Werner retires and starts
> to enjoy life with his family and friends and let's say Andre would
> change his career path who carries then the torch, so to speak?

Who cares?

Seriously.  OpenPGP has survived as long as it has mostly by a miracle
involving the diligence of a handful of people, but in many ways it's
embarrassingly ... well, not obsolete.  Definitely obsolescent, though.
A cryppie at Johns Hopkins, Matthew Green, describes OpenPGP as a
showcase of the best cryptographical techniques of the mid-1990s, and
he's not wrong.

Someday, we'll decide OpenPGP has done enough and should be retired. 
And that will be okay.  I hope that someone else comes along and works
on a newer standard using the best cryptographical techniques of the
2020s, and I hope this new standard breaks backwards compatibility with
OpenPGP.  Breaks it flagrantly, violently, and spectacularly.

> So, ladies and gentlemen any thoughts or insights which can be
> shared?

Yeah.  Less time worrying about how to make OpenPGP continue for
another twenty years, more time spent about how to make a next-
generation cryptographic tool that will occupy the same space OpenPGP
did but will do it better and with more modern techniques.





More information about the Gnupg-users mailing list