gpg4win expired code signing cert; please renew.

[Jay Acuna]

On Thu, Oct 16, 2025 at 6:37 AM Robert J. Hansen via Gnupg-users
<gnupg-users at gnupg.org> wrote:

> "Do the algorithms form a group?"
> There, done. If this doesn't make sense to you, you need to study an

I would say you failed.  You still haven't shown the scheme to be less
secure than the strongest mechanism.
It is an interesting result you are proposing that I could download an
encrypted file
from you, and without knowing what keys you used: encrypt it a second
time in order to
weaken the security of that payload.  I'd never expect taking an
already-encrypted file
from someone and encrypting it again with a PQC breaks the security.
That would be a bigger issue than the future existence of large
quantum computers.

And I would say extraordinary claims require extraordinary proof.

> because every ROT algorithm forms a mathematical group.

This is not ROT, either. and the Encapsulation method has also been
included in IETF standards for PQ/T key exchange.

> I'm afraid you don't understand: the onus is not on him to prove it's
> insecure -- it's on you to prove it *is* secure.

No. If there is a Proof of security for the output of a "gpg -e" command,
then that proof should be valid for its output  no matter what you do with
the output of that command after getting it.

For example; Applying a Rot13 to the output of a gpg -e  command does
not affect the original proof.   If you think the original output is secure
without knowing the key, then by definition it must remain secure
under any transformation which does not involve a knowledge of the keys.

> NSA isn't expecting it'll be available to their enemies until 2055. Add
> fifteen years to that and you're projecting out to 2070.

That may end up being an overly optimistic scenario.
IF you are all about saying the burden of proof is to prove it is secure,
then prove large quantum computers cannot arrive earlier 30 years
earlier than expected.

--
-JA