Discussion style differences between OpenPGP design groups

Robert J. Hansen rjh at sixdemonbag.org
Thu Apr 30 19:32:38 CEST 2026


> In my view it was at least as much the (some) participants of the
> working group _and_ Werner who have made this into a power
> struggle. What I am not accepting is the full blame on a single
> individual or side. ... And the tone has become less constructive
> over time in my memory. Much so.

Thank you for starting this on something that's easy to agree with.
(Zero sarcasm.)

> I read this differently: It can be a constructive step.

Putting this out there to maybe help bridge the gap:

IETF's unofficial motto has always been "rough consensus and running
code."[*] At my present level of ignorance[**] this is how I see what
happened:

* People thought RFC4880bis was the right direction
* Werner implemented it, released it, got a large userbase for it.
* The WG changed its mind prior to RFC finalization, as it had every
   right to do.
* The final RFC9580 RFC ("rough consensus") is now in opposition to
   actual internet practice ("running code").

This can be seen as an argument between proscriptivists and
descriptivists.[***]

I am of the belief, with respect to technical standards, that a spec
which does not comply with actual practice is an erroneous spec.
Publishing an erroneous spec and then expecting the world to suddenly
change the way it does things in order to accommodate the spec is ... I
don't have another word to use besides "hubristic".

Werner gets accused of hubris constantly. I think there is some truth
there. I've seen him behave in ways I find unhelpful and
counterproductive. (Werner, as your friend, I'm telling you that Andrew
is trying really really hard to be your friend. Please rethink your
characterization of his criticisms as "bait".)

But at the same time there is an enormous level of hubris in the WG
demanding that all of these recently-installed vault doors be
reinstalled with this newer vault door which offers *no* practical
capability improvements for 95% of users [****] except for "now, with a
Belgian malinois!". We should notice that, too.

[*] https://www.ietf.org/runningcode/
[**] I neither have nor want any special insider knowledge of
     what's happened. Seriously. I violently do not want this.
[***] For benefit of non-English speakers whom I've just sent
     scrambling for a dictionary: proscriptivism is the belief
     that "usage should follow rules," while descriptivism is
     the belief "rules should follow usage".
[****] As I said a few days ago, *PGP is massively overdesigned
     for the needs of the vast majority of its users.

>> By arguing endlessly about the tone and incivility of the
>> complaints, or by drawing equivalence between the complaints and
>> the initial unfairness, we let the root cause - the unfair
>> behaviour itself - off the hook.
> 
> If you accuse me of "endlessly" arguing, I might just stop.

I didn't read Andrew as accusing you of being dilatory; I read him as
being frustrated with how long this is taking. I share in his
frustration, but I think everyone is talking in good faith.

> What would you have won?

I would have preferred if LibrePGP had become the new standard. This is
no slam on the WG, which put out a spec I believe is technically
superior to LibrePGP. But the LibrePGP spec is definitely good enough
and is already fielded in large numbers.

At the same time, it's not about which one I want to have won. It's 
about *where we are now as a community*, and how do we bridge this rift?

There are genuinely good people in the RFC9580 camp. Our community will 
be stronger and better if we can reconcile with them.

I've already shared my thoughts on how we can do that. I won't rehash 
them here.

> Werner Koch has devoted the major fraction of his professional life 
> towards creating a Free Software product for end-to-end
> cryptography. He is the active technical and architectural lead of
> the major and most widely used OpenPGP implementation (seen over 25
> years). As you have written before, he was right on a number of
> decisions he took in those roles. He has a lot of experience.
> 
> Yes, I think it is worth a real consideration to give him a veto.

This is the same logic the FSF has used for decades to justify RMS's
veto power. I think this reasoning leads to bad outcomes (see: RMS).

I am *not* accusing Werner of being an RMS-like figure. I am saying that
if we want to prevent an RMS-like figure from forming, we need to stop
giving dictators-for-life veto authority over projects.