Should one really disable AEAD for recent GnuPG created PGP keys?
Tobias Leupold
tl at stonemx.de
Mon Mar 4 22:37:29 CET 2024
> Ah... That question leads to an awkward discussion these days. There
> was a IETF standards process that led to the OCB mode now supported by
> GnuPG and others. GnuPG (and others) implemented it before the new
> standard was officially released (there seemed to be consensus). That
> standards process then dropped the GnuPG OCB mode and created 3 new
> modes. So currently, there are the two modes that the OpenPGP standard
> currently specifies and four proposed modes for a total of 6 modes,
> each completely incompatible with any other mode. So there is a
> potential for a interoperability disaster here.
> At this point I personally believe that everyone should step back from
> this potential war and stop generating new modes by default. As a user
> I can happily wait until an actual consensus is reached. Heck, I can
> happily wait past that. There is no hurry here.
Oh my. So the answer to my question "Should one really disable AEAD for recent
GnuPG created PGP keys" (or OCB/AEAD or whatever) is maybe "yes" after all ...
I mean, it's hard enough for most people to use public key encryption at all.
Even if there are no interoperability issues.
Maybe, one should agree on the lowest common denominator here. I encrypt
passwords, sign software releases and sometimes (rarely), I encrypt an email.
A text email. Which is like 4 KB or such. So, for me, I see no performance
problem for my use-case.
> The big usability problem now is that the implementations are not
> making all this clear. GnuPG for instance doesn't even have an entry
> in the FAQ about this problem. Most users will not be able to overcome
> this sort of issue and will have to just give up.
... like most of them do anyway, when it comes to public key cryptography.
> Anyway, I wrote a whole rant about this:
>
> * https://articles.59.ca/doku.php?id=pgpfan:schism
>
> I have added your Openkeychain references to my list of problems
> caused by new OpenPGP cipher block modes. Thanks.
>
> * https://articles.59.ca/doku.php?id=pgpfan:noae_shame
Thanks for this reference!
Cheers, Tobias
More information about the Gnupg-users
mailing list