GnuPG 2.4.4 still using legacy packets?
Jacob Bachmeyer
jcb62281 at gmail.com
Thu Nov 13 05:27:56 CET 2025
On 11/12/25 12:17, Loup Vaillant wrote:
> [...]
>
>> LibrePGP introduces no changes from RFC-4880 with respect to this. So
>> in the world of GnuPG the new packet format is only "RECOMMENDED" for
>> cases where interoperability is not an issue.
>
> Let's be honest, interoperability has not ben an issues for likely
> more than a decade. Given that, and the legal argument above, in
> GnuPG word you SHOULD output the new format, and you SHOULD NOT output
> the old format.
>
> And now the real funny part. The latest version of LibrePGP states:
>
> "" If interoperability is not an issue, the new packet format
> "" is RECOMMENDED
>
> Same as RFC 4880. So not only GnuPG is in clear violation of the
> legal equivalent of a "SHOULD NOT" from a 18 year old RFC, the
> recommendation (and associated violation) persists even through the
> very draft it promotes.
Ah, but that is conditional on interoperability not being an issue.
I propose a more nuanced solution: output the legacy format iff the
cryptographic primitives used are compatible with the ancient PGP
implementations that only understand the legacy format, otherwise output
the new format since receivers that lack support for the new format
would not be able to use the message anyway because they also lack the
required algorithm support.
Note that this could potentially mean supporting the legacy format
indefinitely for RSA signatures, at least with whatever digests the
ancient implementations supported.
-- Jacob
More information about the Gnupg-users
mailing list