BSI - Why PQC for Thunderbird and not gpg4win in the first place?

Wed Jun 30 09:19:42 CEST 2021

Am Dienstag 29 Juni 2021 20:01:03 schrieb Стефан Васильев via Gnupg-users:
> Werner Koch wrote:
> > On Tue, 29 Jun 2021 15:31, Стефан Васильев said:
> >> I don't understand why the BSI is looking for Post Quantum
> >> Cryptography support with OpenPGP for Thunderbird and not for the
> >> promoted gpg4win, 

The tender includes implementing the algorithms in libgcrypt as well,
so Gpg4win will also get it.

When trying to understand how public administration and governments work,
it is helpful to think of them as several groups and people. So it is not 
something that _the_ BSI wants or _the_ German Government. It is about 
sections, people, parties, ministries that all act within their view on their 
tasks, duties and also group and personal interests. This is okay, but it 
means one person, group or ministry may look at a technical aspect 
differently  then others and act accordingly.

> >> As understood, Germany recently passed a law to strengthen authorities
> >> to allow the usage of their Government trojan, which tells me that
> >> using
> >
> > It is quite a problem for the BSI that the gov is trying to shift them
> > into the same trouble the NSA has.  Protecting the citizen while at the
> > same time helping to attack them. 

To be more specific, the conservatice party block (CDU/CSU) in Germany has 
been pushing many years for more suveillance, more rights for secret services 
and attack capabilities. And the resistance from other parties like SPD, FDP, 
attornies, journalists has been becoming weaker. (Note that the biggest block 
of German voters prefer this conservative block, so this is a problem of 
convincing more people and changing their vote about those topic). Similiar 
in Europe and the pandemic has shifted public attention away from the 
downsides.

Rumors go that there is a good part that the German BSI may be split up in the 
future in what I'd call a "good" and "bad" part. This makes sense, as 
if "security" public administrations have legal rights and obligations, they 
need technical support and this is typical within the ministry of the 
interior. On the other hand the protecting part should be more independent
maybe in the consumer and economy protection with the ministry of justice or 
the ministry economy.

Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210630/f10947da/attachment.sig>