On 13/11/2025 12:56, Andrew Gallagher via Gnupg-users wrote:
Hi, Peter.
On 13/11/2025 09:23, Peter Pentchev wrote:
- so, IF NO `--rfc...` OPTION IS SPECIFIED, GnuPG HAS TO default to
the least common denominator
This is not how GnuPG's compliance options currently work though;
non-default compliance options cause GnuPG to comply with *earlier*
specs, to improve backwards compatibility at the expense of
cryptographic strength.
It would be reasonable, and still solidly defensive, for GnuPG to emit
the old packet framing iff a compliance option such as --rfc2440 was
supplied, or if the key being encrypted to advertised old defaults, or
if the key material uses an algorithm or packet version that pre-dates
rfc4880. But it serves no purpose to continue to use the old format
with modern cryptography that legacy code can't understand anyway.
The important open questions are:
1. Since what version and year does gnupg accept the new framing of
packets that it can also accept with old framing? This controls when
senders will be able to use the new framing by default.
2. Since what year do all then-and-later commonly distributed OpenPGP
implementations accept the new framing of packets that gnupg can send
with old framing? This controls when gnupg will be able to send the new
framing by default.
3. If either of the above questions are answered by "recent" (for
enterprise-frozen values of "recent"), should gnupg add options to
specify that the recipient follows a newer spec, such as rfc-4880, and
can thus decode the new framing of old packet types and can also handle
the new packet types introduced by that "newer spec"? Such an option
might be named --rfc4880plus or --no-rfc2440 (meaning don't implicitly
trigger option --rfc2440, but be careful not to create a contradictory
corner case where --rfc2440 is not the exact negative of --no-rfc2440).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
