GnuPG design goals (Re: Bikeshedding while the world burns)
Andrew Gallagher
andrewg at andrewg.com
Wed May 6 10:08:22 CEST 2026
On 05/05/2026 17:13, Bernhard Reiter via Gnupg-users wrote:
> The problem with messengers is that they are more inclined towards online
> usage and they need a central registry. As an example, as far as I know, perfect
> forward secrecy only works if there is an online connection to negotiate the
> keys. To allow a pseudo-asynchronous use, the Double Ratchet Algorithm
> used in some messengers uses prekeys that have to be generated and uploaded
> to a server. And I guess you can deplete them.
Forward secrecy is definitely more challenging in a high-latency
environment like email. It's not impossible, but Signal's double ratchet
protocol is designed to be tolerant of reasonably long periods of
disconnection (in *very* handwavey terms, that's what the second ratchet
in "double" ratchet is there for).
The Really Hard Problem with double ratchet isn't comms latency, it's
group management. But that's also a problem with encrypted email. And
the greatest flaw in Signal's architecture is the authoritative keyserver.
It is possible to get most of the benefits of forward secrecy without
using double ratchet or authoritative servers. That's what DeltaChat [1]
is aiming for with Autocrypt2 [2].
(I would strongly recommend that anyone with an interest in PGP pays
close attention to what DeltaChat is doing - they are leaving the rest
of us in their dust)
Thanks,
A
[1] https://delta.chat
[2] https://autocrypt2.org
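The "second ratchet" Andrew refers to is the symmetric-key chain: once a shared chain key exists, each side can derive a fresh one-time key per message with no round trip, and a receiver that was offline can ratchet past a gap and keep the skipped keys until the late messages arrive. The following stand-alone illustration is added here and is not code from this thread, from Signal, or from DeltaChat. The chain step follows the HMAC-SHA256 construction the Double Ratchet specification recommends for KDF_CK; everything else is assumed for the example: the initial chain key is random bytes standing in for what a DH ratchet step would produce (no DH ratchet or header encryption is shown), the cipher is a constructed HMAC-based stream plus MAC rather than a real AEAD, and MAX_SKIP is an arbitrary bound.

```python
"""Symmetric-key ratchet with skipped-key storage (constructed example, stdlib only)."""
import hashlib
import hmac
import secrets

MAX_SKIP = 100   # assumed bound on stored skipped keys; limits memory a peer can make us hold
TAG_LEN = 32     # HMAC-SHA256 tag length in bytes


def kdf_ck(chain_key):
    """One chain step (Double Ratchet spec's recommended KDF_CK):
    message key = HMAC(ck, 0x01), next chain key = HMAC(ck, 0x02).
    The caller overwrites the old chain key, so earlier message keys cannot be rederived."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


def _keystream(key, length):
    """Counter-mode keystream from HMAC-SHA256; a stand-in for a real cipher, not Signal's AEAD."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(message_key, header, plaintext):
    """Encrypt-then-MAC under a single-use message key; the header is authenticated too."""
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt(message_key, header, blob):
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, len(ct))))


class Sender:
    """Sending chain: advances once per message, with no reply from the peer required."""

    def __init__(self, chain_key):
        self.ck = chain_key
        self.n = 0

    def send(self, plaintext):
        mk, self.ck = kdf_ck(self.ck)        # the previous chain key is gone after this line
        header = self.n.to_bytes(4, "big")   # message number travels in the clear
        self.n += 1
        return header, encrypt(mk, header, plaintext)


class Receiver:
    """Receiving chain mirroring the sender's, plus a store of keys for messages not yet seen."""

    def __init__(self, chain_key):
        self.ck = chain_key
        self.n = 0
        self.skipped = {}   # message number -> message key, kept only until that message arrives

    def receive(self, header, blob):
        n = int.from_bytes(header, "big")
        if n in self.skipped:
            mk = self.skipped.pop(n)          # single use: deleted on consumption
        elif n < self.n:
            raise ValueError("no key for message %d: already consumed" % n)
        else:
            if n - self.n > MAX_SKIP:
                raise ValueError("too many skipped messages")
            while self.n < n:                 # ratchet past the gap, retaining the skipped keys
                mk, self.ck = kdf_ck(self.ck)
                self.skipped[self.n] = mk
                self.n += 1
            mk, self.ck = kdf_ck(self.ck)
            self.n += 1
        return decrypt(mk, header, blob)


def run():
    """Alice sends four messages while Bob is offline; they reach him out of order.
    Returns (decrypted messages by number, whether a replay was rejected, skipped keys left)."""
    shared = secrets.token_bytes(32)   # stands in for the chain key a DH ratchet step would yield
    alice, bob = Sender(shared), Receiver(shared)
    sent = [alice.send(b"message %d" % i) for i in range(4)]
    received = {i: bob.receive(*sent[i]) for i in (2, 0, 3, 1)}
    try:
        bob.receive(*sent[0])              # message 0's key was deleted on first use
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return received, replay_rejected, len(bob.skipped)


if __name__ == "__main__":
    print(run())
```

The point to take from the run is that all four messages decrypt although Bob consumed them in the order 2, 0, 3, 1 and never talked back to Alice in between; after delivery the skipped-key store is empty and a replay of message 0 fails because its key no longer exists anywhere. That is the per-message forward secrecy the chain gives on its own; what the chain cannot do is heal a compromised chain key, which is what the DH ratchet (omitted here) is for, and that step does need a message from the peer.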