Should one really disable AEAD for recent GnuPG created PGP keys?

Werner Koch wk at
Tue Mar 5 09:40:42 CET 2024

On Tue,  5 Mar 2024 00:16, Vincent Breitmoser said:

> The packet format referred to here is GnuPG-specific. In November

Vincent, please stop spreading wrong facts.

That is not a GnuPG specific but an agreed upon format by the
participants of the OpenPGP WG and implemented by all major
implementations.  This was done in the same way we handle that since
1997 - the implementers agreed upon some format, implemented it and
later described it some draft document.  For example the current AEAD
mode (CFB+MDC) was agreed upon in the year 2000 and implemented by both
existing implementations (PGP and GnuPG).  If took then 8 years before
it was codified in an RFC.  Same thing for modern ECC curves -
implemented by everyone but no detailed specs out there.  Modern AEAD
mode (OCB) was specified and cross-tested in 2018 but some people,
driving their own agenda, dropped that in fall 2021 and came up with
another format with no solid reason.

Bruce: I understand your claims and we have been very careful not to
break anything when implementing a modern mode.  That mode is really
required because the old CFB+MDC is slow and policy makers don';t like
it because it is not on their list of modern algorithms.  The problem
here is that group of newcomers with their niche implementations who
want to gain an advantage compared to the existing implementations.
Unfortunately supported by a few people like Vincent who patch out things
or don't use their existing stuff.  OTOH, it is not a real problem
because they are, well, niche implementations, albeit with a loud voice.

> 2023, GnuPG forked the OpenPGP standard as "LibrePGP", in protest of

Right, Ribose and GnuPG came up with that site to explain what was
going wrong and to have a descriptive name for the actual OpenPGP
standard in current use.

All has been said and there is no need to continue spreading wrong facts
from your rebellion group aiming to discredit the most widely used
standard for mail and data encryption.  Please go to your own list and
continue there.  Here is no place to repeat that.  My last word on this
on this ML.



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list