Post-quantum defaults

Werner Koch wk at gnupg.org
Mon Apr 27 12:26:39 CEST 2026


On Mon, 27 Apr 2026 10:27, Andrew Gallagher said:

> It’s more than a “paper and project”, it’s due to be published as an
> RFC any day now, and is widely implemented (by everyone else).

Right, preparing an I-D was part of the call for tenders for the BSI PQC
project P580 in 2021.  Actually Ribose, Intevation, and g10 Code took
part in the bid but eventually lost against the offer by MTG AG.

The part to implement PQC also for S/MIME was later dropped so the whole
thing was only for OpenPGP.  The MTG and BSI folks eventually came up
with a draft and - according to personal communication - on suggestion
from certain attendees at an IETF meeting to change from the usual PGP
way to the uncommon thing of assigning a public key algorithm id to each
combination of algorithms and parameters.  The WG later changed more
things which I did not follow in particular because the important
Brainpool support was also removed by them.

I later had a meeting at the BSI (iirc, due to the project's goal of
implementing the algorithms in Libgcrypt).  It was important to them
that their key combiner needs to be used.  And that is what Niibe-san
and I implemented in GnuPG and later specified in LibrePGP.  The
changes affected only protocol format details and not the actual crypto.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein