Discussion style differences between OpenPGP design groups (Re: Post-quantum defaults)

Andrew Gallagher andrewg at andrewg.com
Wed Apr 29 10:57:07 CEST 2026


Hi, Bernhard.

Thanks for replying. I'm going to avoid getting into a point-by-point 
rebuttal here because I fear it would drag us into the weeds and obscure 
my central message.

The IETF WG is not made up of saints. There are some strong (some might 
say difficult!) personalities. The style of argumentation is not always 
constructive. But when I call it a "family argument" I mean it - we are 
a family with both common interests and divergent ones. Managing these 
divergences is the entire point of a WG. And for the most part so far we 
have succeeded.

I would classify this thread also as a "family argument". And the root 
cause of this argument is whether or not Werner has a *personal veto* 
over the specification. There is a well-documented pattern of behaviour 
going back years, where Werner simply ignores criticism he doesn't like 
and makes executive decisions on behalf of everyone else. Many of the 
criticisms that he has faced over the long history of PGP and GnuPG have 
been unwarranted and unfair. I have defended him on many of those 
occasions, and I will continue to do so. Many of the decisions that he 
has made on behalf of the community have been the correct ones, or at 
least arguably correct. And he deserves our gratitude for that.

But there have also been well-founded criticisms of his decisions, 
particularly since he became editor of the rfc4880bis draft. And it is 
how he has responded to those criticisms that has led to the schism. On 
many occasions he has lost an argument on technical merits, or otherwise 
been the lone dissenting voice on a non-technical matter, and he has 
attempted to wield a personal veto in order to get his way. When it 
became clear that nobody else was willing to grant him the power of 
veto, he walked out and attempted to set up an alternative "standard" 
with him as the sole decision-maker.

This is not how a healthy community should work.

I commend you for your attempts to broker peace, and to see the good in 
all sides. I too want to believe in the good of all sides and find a 
compromise position that can resolve this mess. I have attempted on 
numerous occasions to find some clever technical wheeze that would 
bridge the gap between factions, but this is not a technical 
disagreement. Even using the words "factions" or "sides" obscures the 
stark reality that one of the sides consists of a single person.

When Werner's negotiating position is "I will make peace but only if you 
allow me to veto anything I dislike" there is no prospect of compromise. 
And when you ask me "why doesn't the WG just turn into Werner's way here 
and save the ecosystem?" you are asking me "why don't you just accept 
Werner as your dictator for the sake of peace?". That's a deeply unfair 
thing to ask of any collaborative community.

I don't believe you intend your question that way, but that is the way 
it comes across to most people I know. There is a fundamental difference 
between unfair behaviour and complaining about unfair behaviour. By 
arguing endlessly about the tone and incivility of the complaints, or by 
drawing equivalence between the complaints and the initial unfairness, 
we let the root cause - the unfair behaviour itself - off the hook. 
Constantly bothsidesing a single-issue argument only serves to prolong 
the argument. At some point a decision has to be made.

Do we grant Werner a veto, or not?

Thanks,
Andrew.

On 29/04/2026 08:37, Bernhard Reiter wrote:
> Hi Andrew,
> 
> On Monday 27 April 2026 17:21:03, Andrew Gallagher via Gnupg-users wrote:
>> On 27/04/2026 11:26, Werner Koch wrote:
>>> The MTG and BSI folks eventually came up
>>> with a draft and - according to personal communication - on suggestion
>>> from certain attendees at an IETF meeting
>>
>> Which particular attendees? You keep blaming things on unnamed people.
>> Maybe you think it's impolite to name names, but it reads like a
>> conspiracy theory. I've been at most of the meetings you mention, and
>> they're not as sinister as you make out.
> 
> A simple explanation for the above and some other references by Werner could
> be that personal communication is confidential and some internal meetings are
> confidential as well. It may just not be possible to give some of those details
> in public.
> 
>> The IETF WG is mostly a bunch of goofy nerds. I count many of them as
>> personal friends. They're trying to do the right thing, in the face of
>> the inevitable disagreements and technical challenges and
>> backwards-compatibility nightmares. We don't get everything right, and
>> that's OK. That's why we rely on each other to point out blatant
>> mistakes and missed opportunities, and the ways we can all do better
>> next time. It's difficult, but it's healthy. Nobody can be expected to
>> do critical infosec work by themselves. We need each other, and mostly
>> we enjoy it.
>>
>> (It might not seem that way on the mailing list sometimes, but family
>> arguments aren't the end of the world!)
> 
> I've seen some aggression and unfairness in communication coming
> from that group. Which hurt me personally, but probably Werner much more
> (No, I do not want to go into details, I do not want to blame someone
> specific, it is more a description of how I have perceived the communication.
> I've also seen bad communication from Werner and others and probably have
> issued some myself.) Mainly it damaged the process and working relationships.
> 
> Just "a bunch of goofy nerds" is not a complete description; there are some
> business values and personal convictions at stake as well. Which is okay in
> principle of course, but it also explains why some extensions are more
> valuable to others in the group. (GCM mode for example.) I think it is better
> to talk about different interests.
> 
>> Most implementers agree that the new convention is cleaner. However,
>> this point is obviously not crucial for any security properties. It's
>> surely not necessary for GnuPG to diverge from how the rest of the
>> OpenPGP ecosystem represents PQC keys on the wire, which is largely a
>> minor matter of taste.
>>
>> Is this the hill that you're willing to die on? A numbering convention?
>> *Really*?
> 
> <sarcasm>
>    It seems the WG also wants to "die" on this hill...
> </sarcasm>
> What strikes me as odd is that a number of accusations made against LibrePGP,
> GnuPG and Werner could also be turned around and made (with some
> plausibility) against RFC 9580, Sequoia and the IETF WG as well.
> This statement of yours is just an example; I want to point out how aggressive
> and imbalanced I perceive the communication here. I do not understand this as
> a real question with genuine interest in what can be done together:
> good (the group of personal friends trying to do the good thing) and bad
> (missing meetings, throwing shade) are already decided. In this style I do
> not see an openness for improvements on the side of the "good" group.
> 
> So I conclude:
> Who is right seems to have become a matter of principle for many participants.
> 
> And we all know: just because a number of people have proposed a document that
> is a "standard" by some organisation does not make it one in the wild, or
> even a good one. Some of those "standards" never get picked up. There is some
> merit in a group getting a consensus together, but they still could be wrong
> on some technical parts.
> 
>> We need to foster a more inviting community, or it will die with us.
> 
> Then please help with it.
> Try to find a description and a language that would be agreeable to Werner to
> describe situations and arguments, before you disagree. Ask questions and
> listen in order to really understand. In this post it is different:
> If Werner tries to give some details about how and why LibrePGP and GnuPG are
> how they are now, his statements are to "a conspiracy theory" and a stance to
> a "hill [..] to die on".
> This is a communication style that makes it hard for me to respond in a
> helpful way. I mainly interpret it as born out of frustration. That I can
> understand very well, but I do not see how it will foster a more inviting
> community.
> 
>> You don't engage with other implementers, you miss meetings, you rely on
>> second-hand information, you implement and ship outdated specs, and then
>> you throw shade at everyone else for making decisions that you don't
>> agree with. Decisions that, when viewed from outside this little bubble,
>> *don't matter*.
> 
> With that attitude and the harshness of these accusations, why should Werner or
> anyone assume that he would be treated fairly at these meetings or occasions?
> Personally I wouldn't want to interact with a group in an atmosphere like
> this. Even if I had a reasonable explanation and defense for all these things,
> I do not think anyone would really listen.
> 
>> But this tinpot disagreement is escalating to the point
>> where end users are abandoning the PGP ecosystem entirely. Is that the
>> outcome we want?
> 
> If changing course here, on a point that you say does not matter, why doesn't
> the WG just turn into Werner's way here and save the ecosystem?
> Probably because it is not that easy...
> (As you see again, sarcasm is all that I can muster here. What I am trying
> to express is that I cannot understand that one-sided blame at all.)
> 
>> Please, for the love of all that is good and beautiful in the world, can
>> we work together to implement algorithm 35 from draft-ietf-openpgp-pqc
>> in GnuPG, so that we can at least have one point of commonality between
>> PQC implementations? *I will help you*. I will work for free. I just
>> want this to be over.
> 
> I believe this is what you honestly want - that is why I've taken the time to
> reply and give you my personal view on your email. My humble suggestion and
> its reasoning is above. Hope it helps at least a little bit.
> 
> Best Regards,
> Bernhard
> 