From jb-gnumlists at wisemo.com  Wed Apr  1 00:58:59 2026
From: jb-gnumlists at wisemo.com (Jakob Bohm)
Date: Wed, 1 Apr 2026 00:58:59 +0200
Subject: Suggestions of standards added to openpgp/Gnupg/LibrePgp
In-Reply-To: <CACnSDUtE6gJ_FjfbUY=FHkEz-5K4dYfKWLJzdNUZCPe4T5WiVw@mail.gmail.com>
References: <CACnSDUtfHY2SRa2XqEXBZD+k+WAG29otEATJVSOKjJQRXahPyQ@mail.gmail.com>
 <d6dfefde-7ed8-4d95-8fe0-8c15420d8e05@sixdemonbag.org>
 <CACnSDUtE6gJ_FjfbUY=FHkEz-5K4dYfKWLJzdNUZCPe4T5WiVw@mail.gmail.com>
Message-ID: <011e1fe0-99bd-ddb0-8705-e472aee3e976@wisemo.com>

On 31/03/2026 17:09, Hakun_the_eril via Gnupg-users wrote:
> Oh? I was not aware of that.
>
> My arguments are:
> Shamirs secret has been around since 1979,- I find it odd that it is 
> not included in Openpgp.
You mean "secret sharing scheme", not any of the other things he made that
deals with secrets?

> It could add things like distributed key custody, hardware enforced 
> split custody. Right now,- if someone with a key leaves or dies 
> important encrypted data gets lost.
> That would cause issues for any organization.? ?It could also fix the 
> plausible "only one person knows the password" to a " K of N can 
> cooperate" situation.
> That would also work for a encrypted file system,- split into parts.
> If a hardware token has , say 256 GB space.. Then it can be a part of 
> a Shamirs secret scheme.? 4 out of 6 keys could be used to recreate 
> the shared encrypted file system on a empty drive.
Copying the deeply protected secret stuff to a plaintext copy on a 
device with
unknown deletion abilities is a clear security risk that should not be 
taken.
Instead create an intermediary layer that extracts the secret key from the
sharing scheme and keeps it in memory just long enough to access the actual
secret data (such as PGP private keys) on the fly.
>
>
> Ephemeral signed elliptic curve diffie hellman is usable, because it 
> will solve a forward security issue.
> If you encrypt say radio transmissions with the same key over long 
> periods anyone who gets hold of that key can decrypt old transmissions.
> TLS 1.3 , the signal protocol and versions of openssh that is never 
> than? 5.7 supports this.
Ephemeral DH (classic or ECC) only works if the recipient can send you
an ephemeral public key, thus not on any one-way channel such as
broadcast radio, e-mail, messages for the future etc. etc.

Signing the keys makes sense only if there is a risk that an attacker
sends you a different key, which there often is, but it is not a given,
since some means will eventually be needed to establish trust in the
party whose key you need to trust.

>
> I have no business relations with Baochip,- I just think its 
> interesting and neat.
>
>
> tir. 31. mars 2026 kl. 16:27 skrev Robert J. Hansen via Gnupg-users 
> <gnupg-users at gnupg.org <mailto:gnupg-users at gnupg.org>>:
>
>     Hakun, this list overwhelmingly prefers plain text, not HTML. Some
>     list
>     members (including Werner!) simply don't read HTML-composed
>     emails. And
>     sometimes, HTML emails render in a format that makes it impossible
>     to read.
>
>     > As the Baochip-x1 has the hardware to do a lot of cryptographic
>     > functions like active zeroisation, Ed25519 signed boot, Glitch
>     sensors,
>     > security mesh, PV sensor, ECC-protected RAM,Algorithm-agnostic
>     engine
>     > etc I think that these could be added to standards.
>
>     Why?
>
>     That's the basic question here. What is the use case for LibrePGP
>     that
>     isn't being adequately addressed by the spec, and how would these
>     changes mitigate that shortcoming?
>
>     If you can give a good and terse answer to that question I'll be
>     happy
>     to consider this proposal.
>
>     > The baochips specs can be found here: https://www.baochip.com/
>
>     Do you have any business relationship to this vendor?
>
Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260401/49a7fa03/attachment.html>

From gnupg-users at city17.xyz  Fri Apr  3 13:04:57 2026
From: gnupg-users at city17.xyz (jman)
Date: Fri, 03 Apr 2026 13:04:57 +0200
Subject: Why Some Criticisms Matters More Than Others
In-Reply-To: <874ilx8wga.fsf@jacob.g10code.de> (Werner Koch via Gnupg-users's
 message of "Mon, 30 Mar 2026 12:04:37 +0200")
References: <874ilx8wga.fsf@jacob.g10code.de>
Message-ID: <878qb4qp7q.fsf@nyarlathotep>

Werner Koch via Gnupg-users <gnupg-users at gnupg.org> writes:

> Robert was kind enough to to turn one of his recent mailing list replies
> into an essay which is now available at
>
>   https://gnupg.org/blog/20260320-some-criticism-matter.html

If the goal of this article is to clarify the story behind RFC9580 and the critics to GnuPG, I think 
the article looks worth a read but without said context, links and sources for those claims, looks a 
bit unsubstantial.
FWIW: I am reading the article from the point of view of someone that has heard about this 
discussion but doesn't have great context.

(Probably a link to the mailing list reply would also help me understading what this article is 
about)

Hope this feedback is useful


From rjh at sixdemonbag.org  Fri Apr  3 18:08:15 2026
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 3 Apr 2026 12:08:15 -0400
Subject: Why Some Criticisms Matters More Than Others
In-Reply-To: <878qb4qp7q.fsf@nyarlathotep>
References: <874ilx8wga.fsf@jacob.g10code.de> <878qb4qp7q.fsf@nyarlathotep>
Message-ID: <644c4fb3-6388-4e6c-b64c-196b119c6b67@sixdemonbag.org>

> If the goal of this article is to clarify the story behind RFC9580 and 
> the critics to GnuPG?

The goal of this article is stated in clear text right at the beginning: 
to explain, and I quote, "Why Some Criticisms Matters More Than Others".

I cited four basic kinds of criticisms: the Fearmongers, the Half 
Truthers, the Ivory Towerists, and the Honest Brokers.

I also stated in clear text right at the beginning, "[t]he things I'm 
speaking of apply to both LibrePGP and RFC9580 OpenPGP. The criticisms 
made against one usually wind up getting made against the other, whether 
for good or ill. These criticisms fall on a spectrum, from infuriatingly 
dishonest all the way to carefully thought out and researched."

There are absolutely some honest, good-hearted, solid critics of 
LibrePGP on the RFC9580 side of the fence. There are also some people 
operating from less than pure motives. With regard to any particular 
critic, I remain silent.[*] I encourage you to decide for yourself which 
kind of critic it is.

[*] with one exception: there seems to be a persistent myth that Daniel 
Kahn Gillmoor and I don't get along. Quite the opposite. I've met him a 
couple of times and each time we got along well. Don't mistake the two 
of us sometimes arguing heatedly about technical matters with there 
being any level of personal animosity. I can tell you from personal 
experience Daniel doesn't play the game that way, and I hope the same 
can be said about me.

, I think the article looks worth a read but without
> said context, links and sources for those claims, looks a bit 
> unsubstantial.

There is no context.

Ever since PGP was released in 1991, there have been a chorus of voices 
declaring that it, and/or its descendants, have been insecure, 
government plants, that the NSA has a secret Utah data center that can 
break RSA, and so on. This whisper campaign against ClassicPGP, OpenPGP 
2440, OpenPGP RFC 4880, OpenPGP RFC9580, and now LibrePGP, has gone on 
for so many decades that someone on the mailing list asked why there was 
this persistent, decade-long campaign against it.

> FWIW: I am reading the article from the point of view of someone that 
> has heard about this discussion but doesn't have great context.

Good. Please stay that way. Dirty laundry is best when it's not aired in 
public. A lot of people behaved in ways that in hindsight maybe they 
wish they hadn't. At some point in the future, I hope these people will 
have the courage and personal growth to say, "you know, maybe I was the 
bad guy here," and consider the possibility the other side wasn't as bad 
as they thought. When that happens -- and I believe it's a "when," not 
an "if": I'm an optimist who believes in people -- the quieter we are in 
the divorce, the easier it will be to reconcile.

I am not particularly privy to details. (Some people think I am. I'm 
really not.) To the extent I am involved in this at all, I wish I 
wasn't, and to the extent I know anything about this, I wish I didn't.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260403/1c83925c/attachment-0001.sig>

From klaus+gnupg at ethgen.ch  Mon Apr  6 01:35:41 2026
From: klaus+gnupg at ethgen.ch (Klaus Ethgen)
Date: Mon, 6 Apr 2026 00:35:41 +0100
Subject: Different locale for pinentry
Message-ID: <adLxzR3vBMuEpQsT@chil>

Hi,

I always use locale latin1. But when pinentry is in use, it starts some
GUI boxes, which nee UTF-8. The most annoying here is the word "Z?hler"
instead of Z?hler.

Is there any way to start GUI stuff with UTF-8-locale instead of
something else? Alternatively, the whole gpg-agent or any pinentry could
be made started with UTF-8.

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus at Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 728 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260406/ed0e2e09/attachment.sig>