Specification for Kyber in GnuPG

Heiko Schäfer heiko.schaefer at posteo.de
Mon May 6 14:37:55 CEST 2024


On 5/6/24 1:40 PM, Werner Koch via Gnupg-devel wrote:
> ps. Let me remark that this is not the IETF OpenPGP WG which
> unfortunately had been hijacked in 2022 by a small group of people
> trying to undermine the stability of the OpenPGP protocol with their
> irresponsible changes (aka crypto-refresh).

All of this is a very odd thing to write, from my perspective.

I'd like to point out for the record that this so-called "small group" 
included very active participation by Proton AG, who are the main 
implementers of both OpenPGP.js and GopenPGP (and who deploy one of the 
bigger OpenPGP-based products on the planet).

Also: "trying to undermine". Really?

Extraordinary claims require extraordinary evidence.
I'd love to see the evidence for that claim.

You seem to be saying that you believe a group of people has colluded to 
spend very many person years in the IETF process, just to make the 
OpenPGP standard worse? That does not sound like a very plausible 
assertion to me.

Maybe what you are actually trying to say is that there is a technical 
difference of opinion regarding the future direction of the standard.
And that you believe your judgment for a good future direction is more 
valid than that of some other group of people. Which ... sure, it's fair 
if that is your subjective assessment of the situation.
However, it almost appears to me as though you are attempting to 
underhandedly smear the parties on the other side of that difference of 
opinion.
Which, to my mind, wouldn't be a very good look.




More information about the Gnupg-devel mailing list