Should one really disable AEAD for recent GnuPG created PGP keys?

Tobias Leupold tl at stonemx.de
Mon Mar 4 22:37:29 CET 2024


> Ah... That question leads to an awkward discussion these days. There
> was a IETF standards process that led to the OCB mode now supported by
> GnuPG and others. GnuPG (and others) implemented it before the new
> standard was officially released (there seemed to be consensus). That
> standards process then dropped the GnuPG OCB mode and created 3 new
> modes. So currently, there are the two modes that the OpenPGP standard
> currently specifies and four proposed modes for a total of 6 modes,
> each completely incompatible with any other mode. So there is a
> potential for a interoperability disaster here.

> At this point I personally believe that everyone should step back from
> this potential war and stop generating new modes by default. As a user
> I can happily wait until an actual consensus is reached. Heck, I can
> happily wait past that. There is no hurry here.

Oh my. So the answer to my question "Should one really disable AEAD for recent 
GnuPG created PGP keys" (or OCB/AEAD or whatever) is maybe "yes" after all ... 
I mean, it's hard enough for most people to use public key encryption at all. 
Even if there are no interoperability issues.

Maybe, one should agree on the lowest common denominator here. I encrypt 
passwords, sign software releases and sometimes (rarely), I encrypt an email. 
A text email. Which is like 4 KB or such. So, for me, I see no performance 
problem for my use-case.

> The big usability problem now is that the implementations are not
> making all this clear. GnuPG for instance doesn't even have an entry
> in the FAQ about this problem. Most users will not be able to overcome
> this sort of issue and will have to just give up.

... like most of them do anyway, when it comes to public key cryptography.

> Anyway, I wrote a whole rant about this:
> 
> * https://articles.59.ca/doku.php?id=pgpfan:schism
> 
> I have added your Openkeychain references to my list of problems
> caused by new OpenPGP cipher block modes. Thanks.
> 
> * https://articles.59.ca/doku.php?id=pgpfan:noae_shame

Thanks for this reference!

Cheers, Tobias





More information about the Gnupg-users mailing list