Plan B - Who carries the torch?
Robert J. Hansen
rjh at sixdemonbag.org
Sat Jan 2 22:55:49 CET 2021
> I assume the following: Werner is globally known as the author of
> GnuPG and it is generally accepted that GnuPG is a defacto security
> standard globally besides S/MIME when it comes for example to private
> email communications.
No. OpenPGP is; GnuPG is just one implementation of the OpenPGP
standard. There are others.
> in their twenties so that it can be assumed, when in 10 years Google
> and IBM have Quantum Computers, which make our classic encryption
> ECC probably useless that then people may have a problem.
Quantum computing has been ten years away since 1992, which is when I
first heard about it. I would be extraordinarily cautious about
believing the hype. Getting enough qubits together to form the
necessary quantum logic is only a very small part of the overall
picture. Read up on Grover's algorithm sometime, and think about just
how unreasonable the requirements are: they're so unreasonable as to
make the prospect of breaking crypto via Grover's actually _slower_
than the classical way.
> I assume the worst case scenario that when Werner retires and starts
> to enjoy life with his family and friends and let's say Andre would
> change his career path who carries then the torch, so to speak?
Seriously. OpenPGP has survived as long as it has mostly by a miracle
involving the diligence of a handful of people, but in many ways it's
embarrassingly ... well, not obsolete. Definitely obsolescent, though.
A cryppie at Johns Hopkins, Matthew Green, describes OpenPGP as a
showcase of the best cryptographical techniques of the mid-1990s, and
he's not wrong.
Someday, we'll decide OpenPGP has done enough and should be retired.
And that will be okay. I hope that someone else comes along and works
on a newer standard using the best cryptographical techniques of the
2020s, and I hope this new standard breaks backwards compatibility with
OpenPGP. Breaks it flagrantly, violently, and spectacularly.
> So, ladies and gentlemen any thoughts or insights which can be
Yeah. Less time worrying about how to make OpenPGP continue for
another twenty years, more time spent about how to make a next-
generation cryptographic tool that will occupy the same space OpenPGP
did but will do it better and with more modern techniques.
More information about the Gnupg-users