GnuPG design goals (Re: Bikeshedding while the world burns)

[Andrew Gallagher]

On 06/05/2026 09:44, Robert J. Hansen wrote:
>
> One of the things I'm concerned about, with respect to LibrePGP/OpenPGP 
> direction, is it's easy to lose some of the best use cases of *PGP in 
> pursuit of the New Hotness In Crypto.
> 
> One of the best use cases is in bootstrapping a secure communications 
> network. From an almost wholly untrusted set of connections, with just a 
> little usage of GnuPG you can bootstrap the maze of technologies we 
> depend upon to communicate safely.
> 
> It would break my heart -- and endanger people -- if we lost 
> bootstrapping in the pursuit of PFS and other goals. I'd like it if we 
> could make it a point to remember it as a special high-value use case.

PGP's greatest strength (and its greatest weakness!) is its flexibility. 
The building blocks it provides can be used for pretty much anything we 
want. I wrote up a back-of-a-napkin scheme for how to do full double 
ratchet in PGP last year. It doesn't need that many changes to the wire 
format, but it would be quite an undertaking to implement it correctly 
and safely (so no, I'm not going to build it any time soon).

What my scheme and DeltaChat's much simpler one have in common is that 
they use a standard PGP key for the initial message round trip, but the 
ephemeral key for subsequent messages. And if the message chain gets 
broken, you can start again from the initial bootstrap. This gets you a 
"progressive enhancement" security model that doesn't sacrifice any of 
PGP's existing security features.

I do agree that we shouldn't rush into following any fads. It's 
important for long term stability and interoperability that all of the 
tyres are properly kicked before we put anything into production. That 
does mean that PGP gets a reputation for being behind the times, but 
that's not necessarily a bad thing - so long as we don't stagnate, or 
dissolve into chaos...

A