Why Some Criticisms Matters More Than Others

Robert J. Hansen rjh at sixdemonbag.org
Fri Apr 3 18:08:15 CEST 2026


> If the goal of this article is to clarify the story behind RFC9580 and 
> the critics to GnuPG…

The goal of this article is stated in clear text right at the beginning: 
to explain, and I quote, "Why Some Criticisms Matters More Than Others".

I cited four basic kinds of criticisms: the Fearmongers, the Half 
Truthers, the Ivory Towerists, and the Honest Brokers.

I also stated in clear text right at the beginning, "[t]he things I'm 
speaking of apply to both LibrePGP and RFC9580 OpenPGP. The criticisms 
made against one usually wind up getting made against the other, whether 
for good or ill. These criticisms fall on a spectrum, from infuriatingly 
dishonest all the way to carefully thought out and researched."

There are absolutely some honest, good-hearted, solid critics of 
LibrePGP on the RFC9580 side of the fence. There are also some people 
operating from less than pure motives. With regard to any particular 
critic, I remain silent.[*] I encourage you to decide for yourself which 
kind of critic it is.

[*] with one exception: there seems to be a persistent myth that Daniel 
Kahn Gillmor and I don't get along. Quite the opposite. I've met him a 
couple of times and each time we got along well. Don't mistake the two 
of us sometimes arguing heatedly about technical matters with there 
being any level of personal animosity. I can tell you from personal 
experience Daniel doesn't play the game that way, and I hope the same 
can be said about me.

> , I think the article looks worth a read but without
> said context, links and sources for those claims, looks a bit 
> unsubstantial.

There is no context.

Ever since PGP was released in 1991, there has been a chorus of voices 
declaring that it, and/or its descendants, have been insecure, 
government plants, that the NSA has a secret Utah data center that can 
break RSA, and so on. This whisper campaign against ClassicPGP, OpenPGP 
2440, OpenPGP RFC 4880, OpenPGP RFC9580, and now LibrePGP, has gone on 
for so many decades that someone on the mailing list asked why there was 
this persistent, decade-long campaign against it.

> FWIW: I am reading the article from the point of view of someone that 
> has heard about this discussion but doesn't have great context.

Good. Please stay that way. Dirty laundry is best when it's not aired in 
public. A lot of people behaved in ways that in hindsight maybe they 
wish they hadn't. At some point in the future, I hope these people will 
have the courage and personal growth to say, "you know, maybe I was the 
bad guy here," and consider the possibility the other side wasn't as bad 
as they thought. When that happens -- and I believe it's a "when," not 
an "if": I'm an optimist who believes in people -- the quieter we are in 
the divorce, the easier it will be to reconcile.

I am not particularly privy to details. (Some people think I am. I'm 
really not.) To the extent I am involved in this at all, I wish I 
wasn't, and to the extent I know anything about this, I wish I didn't.
