Should one really disable AEAD for recent GnuPG created PGP keys?

Tobias Leupold tl at
Tue Mar 5 12:39:02 CET 2024

Sorry for asking another thing about this. For sure, I didn't want to set off 
an avalanche, and I still don't want to. But from a user's perspective, this 
is simply very confusing and also unsettling.

I think that somewhere, there should be some documentation, FAQ or whatever, 
as a definitive source for the correct facts.

Because we have this statement:

> That is not a GnuPG specific but an agreed upon format by the participants
> of the OpenPGP WG and implemented by all major implementations.

Which does not match what others say (apart from Vincent's statement) ... e.g. 
I also asked for what to do on Stack Exchange:

The answer started with:

> While authenticated encryption (AEAD) is good - especially for something
> like OpenPGP, which is an old and over-complicated standard that has a
> concerning large attack surface for vulnerabilities or simple implementation
> errors - I definitely can't recommend enabling a non-standardized
> compatibility-breaking feature by default, and frankly feel that GnuPG made
> a major error in doing so

from somebody with an impressive reputation on the network, for whom I suppose 
he knows what he's talking about.

So: Is this standardized, or is it not?

As said: I don't want to provoke a flame war. I'm just interested in objective 
facts ...

More information about the Gnupg-users mailing list