On 11/12/25 12:17, Loup Vaillant wrote:
[...]

LibrePGP introduces no changes from RFC-4880 with respect to this. So
in the world of GnuPG the new packet format is only "RECOMMENDED" for
cases where interoperability is not an issue.

Let's be honest, interoperability has not been an issue for likely more than a decade.  Given that, and the legal argument above, in the GnuPG world you SHOULD output the new format, and you SHOULD NOT output the old format.

And now the real funny part.  The latest version of LibrePGP states:

"" If interoperability is not an issue, the new packet format
"" is RECOMMENDED

Same as RFC 4880.  So not only is GnuPG in clear violation of the legal equivalent of a "SHOULD NOT" from an 18-year-old RFC, the recommendation (and associated violation) persists even through the very draft it promotes.

Ah, but that is conditional on interoperability not being an issue.

I propose a more nuanced solution:  output the legacy format iff the cryptographic primitives used are compatible with the ancient PGP implementations that only understand the legacy format, otherwise output the new format since receivers that lack support for the new format would not be able to use the message anyway because they also lack the required algorithm support.

Note that this could potentially mean supporting the legacy format indefinitely for RSA signatures, at least with whatever digests the ancient implementations supported.


-- Jacob
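
The selection rule proposed in the message above, sketched as an added example (not part of the original message and not GnuPG code). The header encodings follow RFC 4880 section 4.2; the "legacy-compatible" algorithm set is an assumption made for illustration, since the message does not enumerate which digests the ancient implementations support.

```python
import struct

# ASSUMPTION (not from the thread): treat RSA (public-key algorithm ID 1)
# with MD5 (hash ID 1) or SHA-1 (hash ID 2) as what "ancient" readers handle.
# IDs are those of RFC 4880 section 9.
LEGACY_PUBKEY_ALGOS = {1}
LEGACY_HASH_ALGOS = {1, 2}
TAG_SIGNATURE = 2


def old_header(tag: int, length: int) -> bytes:
    """Old format: 0b10TTTTLL, then a 1-, 2- or 4-octet length."""
    if not 0 <= tag <= 15:
        raise ValueError("old format has only 4 tag bits")
    if length < 0x100:
        return bytes([0x80 | (tag << 2) | 0, length])
    if length < 0x10000:
        return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", length)
    return bytes([0x80 | (tag << 2) | 2]) + struct.pack(">I", length)


def new_header(tag: int, length: int) -> bytes:
    """New format: 0b11TTTTTT, then a 1-, 2- or 5-octet length."""
    if not 0 <= tag <= 63:
        raise ValueError("new format has only 6 tag bits")
    first = bytes([0xC0 | tag])
    if length < 192:
        return first + bytes([length])
    if length < 8384:
        n = length - 192
        return first + bytes([(n >> 8) + 192, n & 0xFF])
    return first + b"\xff" + struct.pack(">I", length)


def signature_header(pubkey_algo: int, hash_algo: int, body_len: int) -> bytes:
    """Legacy header iff both primitives are in the assumed legacy set."""
    legacy_ok = (pubkey_algo in LEGACY_PUBKEY_ALGOS
                 and hash_algo in LEGACY_HASH_ALGOS)
    encode = old_header if legacy_ok else new_header
    return encode(TAG_SIGNATURE, body_len)


if __name__ == "__main__":
    # Constructed body lengths; only the header octets are produced here.
    print(signature_header(1, 2, 284).hex())   # RSA + SHA-1
    print(signature_header(1, 8, 284).hex())   # RSA + SHA-256
```
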

