On 06/05/2026 09:44, Robert J. Hansen wrote:
> One of the things I'm concerned about, with respect to LibrePGP/OpenPGP
> direction, is it's easy to lose some of the best use cases of *PGP in
> pursuit of the New Hotness In Crypto.
>
> One of the best use cases is in bootstrapping a secure communications
> network. From an almost wholly untrusted set of connections, with just a
> little usage of GnuPG you can bootstrap the maze of technologies we
> depend upon to communicate safely.
>
> It would break my heart -- and endanger people -- if we lost
> bootstrapping in the pursuit of PFS and other goals. I'd like it if we
> could make it a point to remember it as a special high-value use case.
PGP's greatest strength (and its greatest weakness!) is its flexibility.
The building blocks it provides can be used for pretty much anything we
want. I wrote up a back-of-a-napkin scheme for how to do full double
ratchet in PGP last year. It doesn't need that many changes to the wire
format, but it would be quite an undertaking to implement it correctly
and safely (so no, I'm not going to build it any time soon).
What my scheme and DeltaChat's much simpler one have in common is that
they use a standard PGP key for the initial message round trip, but the
ephemeral key for subsequent messages. And if the message chain gets
broken, you can start again from the initial bootstrap. This gets you a
"progressive enhancement" security model that doesn't sacrifice any of
PGP's existing security features.
I do agree that we shouldn't rush into following any fads. It's
important for long term stability and interoperability that all of the
tyres are properly kicked before we put anything into production. That
does mean that PGP gets a reputation for being behind the times, but
that's not necessarily a bad thing - so long as we don't stagnate, or
dissolve into chaos...
A
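As an added illustration, not code from this thread, from GnuPG, or from DeltaChat, the following Python sketch models the "progressive enhancement" pattern described in the reply: the long-term key carries the first message and establishes an ephemeral chain, later messages are keyed from that chain (with the old chain key deleted each step, which is what gives forward secrecy), and when a peer loses its chain state the sender simply falls back to another long-term-key bootstrap. Because it uses only the standard library, the PGP key pair is stood in for by a pre-shared long-term secret, the AEAD is a toy HMAC-based box, and the initial round trip is collapsed into one seed-carrying message; the party names, message layout and `ChainBroken` error are all assumptions of this model.

```python
"""Model of bootstrap-then-ephemeral messaging with fallback to the
long-term key.  Standard library only; all primitives are stand-ins."""
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes) -> bytes:
    """One-step key derivation: HMAC-SHA256 used as a PRF."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += kdf(key, b"stream" + nonce + counter.to_bytes(4, "big"))
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> dict:
    """Toy encrypt-then-MAC box standing in for a real AEAD."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(key: bytes, box: dict) -> bytes:
    tag = hmac.new(kdf(key, b"mac"), box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, box["tag"]):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(box["ct"], keystream(key, box["nonce"], len(box["ct"]))))


class ChainBroken(Exception):
    """Raised when a chain message arrives but the receiver cannot key it."""


class Party:
    def __init__(self, name: str, long_term_key: bytes):
        self.name = name
        self.long_term_key = long_term_key  # stand-in for the party's PGP key
        self.restart()

    def restart(self):
        """Drop all ephemeral state; the next send falls back to a bootstrap."""
        self.send_chain = self.recv_chain = None
        self.send_no = self.recv_no = 0

    def send(self, peer: str, plaintext: bytes) -> dict:
        if self.send_chain is None:
            return self._bootstrap(peer, plaintext)
        mk = kdf(self.send_chain, b"message")            # per-message key
        self.send_chain = kdf(self.send_chain, b"ratchet")  # old chain key is gone
        self.send_no += 1
        return {"mode": "chain", "from": self.name, "to": peer,
                "no": self.send_no, **seal(mk, plaintext)}

    def _bootstrap(self, peer: str, plaintext: bytes) -> dict:
        """First message: a fresh seed travels under the long-term key and
        both sides derive one chain per direction from it."""
        seed = secrets.token_bytes(32)
        self.send_chain = kdf(seed, f"{self.name}->{peer}".encode())
        self.recv_chain = kdf(seed, f"{peer}->{self.name}".encode())
        self.send_no = self.recv_no = 0
        return {"mode": "bootstrap", "from": self.name, "to": peer,
                **seal(self.long_term_key, seed + plaintext)}

    def receive(self, msg: dict) -> bytes:
        if msg["mode"] == "bootstrap":
            data = unseal(self.long_term_key, msg)
            seed, plaintext = data[:32], data[32:]
            self.recv_chain = kdf(seed, f"{msg['from']}->{self.name}".encode())
            self.send_chain = kdf(seed, f"{self.name}->{msg['from']}".encode())
            self.send_no = self.recv_no = 0
            return plaintext
        if self.recv_chain is None or msg["no"] != self.recv_no + 1:
            raise ChainBroken(f"{self.name}: no usable chain for message {msg.get('no')}")
        mk = kdf(self.recv_chain, b"message")
        self.recv_chain = kdf(self.recv_chain, b"ratchet")
        self.recv_no += 1
        return unseal(mk, msg)


def run_demo() -> list:
    """Constructed exchange: bootstrap, two chain messages, a lost-state
    failure, and recovery via a second bootstrap.  Returns (mode, plaintext)."""
    lt = secrets.token_bytes(32)  # constructed shared long-term secret
    alice, bob = Party("alice", lt), Party("bob", lt)
    log = []
    m = alice.send("bob", b"hello");      log.append((m["mode"], bob.receive(m)))
    m = bob.send("alice", b"hi back");    log.append((m["mode"], alice.receive(m)))
    m = alice.send("bob", b"ratcheting"); log.append((m["mode"], bob.receive(m)))
    bob.restart()                         # constructed failure: bob lost his chain
    m = alice.send("bob", b"still there?")
    try:
        log.append((m["mode"], bob.receive(m)))
    except ChainBroken:
        log.append((m["mode"], None))     # chain message is unreadable
    alice.restart()                       # fall back to the long-term key
    m = alice.send("bob", b"still there?"); log.append((m["mode"], bob.receive(m)))
    return log


if __name__ == "__main__":
    for mode, text in run_demo():
        print(f"{mode:9} {text}")
```

The point the model makes explicit is that nothing about the fallback is special: the long-term key is always sufficient on its own, and the ephemeral chain only adds forward secrecy on top of it while the chain holds.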
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users