potential IETF WG incompatibility with GnuPG 2.3
Vincent Breitmoser
look at my.amazin.horse
Tue Dec 13 12:07:20 CET 2022
Hey Bernhard,
On 13.12.22 09:35, Bernhard Reiter wrote:
> the working group has not yet come up with a needed refresh for many years.
> It has to be seen if whatever the IETF workgroup comes up with
> is a good update to RFC4880. (At least this is my personal view on this, I am
> not really involved in GnuPG's nor in the working group's work in this area.)
I'm not sure how you would qualify a "good" update here? If there is a new
revision it'll be the standard by definition, and you can conform to it
or not.
If you have doubts it will be a "good" update, they are currently asking for
a last round of feedback on it.
> In previous IETF OpenPGP standardisation processes, it seems that well working
> practice was considered to a large extend, it seems natural up to a point to
> try and see if new things are needed and useful.
Agreed. That's what the --rfc4880bis flag did, and reasonably so. But unless
I misread the commit, we're talking about GnuPG emitting a GnuPG-specific
certificate format by default here, so no experiment by any means?
> (Same as you did when you have decided to made keys.openpgp.org incompatible
> to the existing OpenPGP standard
Indeed, so I did. Notably the way we made it incompatible was fairly widely
discussed and thought acceptable, so much so that it was included in the
[rfc4880bis-05] draft Werner specified at the time, and is now also so
in the
[crypto-refresh-07] draft. Should also mention that the breakage here is
something that can be adapted to in GnuPG by a five lines patch, which is
not quite the same as a major version step of the OpenPGP message format.
What's more important however is that we were always open about this
decision, gave the specific reasoning and plans, and discussed it with
anyone who was interested, and did active outreach about it. Doesn't
mean we ended up agreeing on the issue, but c'est la vie.
> I am referring to this, because I do not like the insinuation of your email
> that GnuPG would be aiming to be incompatible
I'm not insinuating anything, I'm openly pointing out a commit that changes
GnuPG default behavior in a significant way, and asking what the plans here
are.
Cheers
- V
[rfc4880bis-05]:
https://gitlab.com/openpgp-wg/rfc4880bis/-/blob/main/old-drafts/draft-ietf-openpgp-rfc4880bis-05.txt#L4587
[T4393]: https://dev.gnupg.org/T4393#136751
[crypto-refresh-07]:
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-11.1.2
More information about the Gnupg-devel
mailing list