Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-06 Thread Bruce Walzer
On Wed, Mar 06, 2024 at 09:43:00AM +0100, Werner Koch wrote: > On Tue, 5 Mar 2024 11:15, Bruce Walzer said: > > > So just to be clear, I am not complaining that GnuPG implemented the > > LibrePGP version of OCB. I am complaining that GnuPG did #2 and #3 > > before implementation was close to

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-06 Thread Werner Koch via Gnupg-users
On Tue, 5 Mar 2024 11:15, Bruce Walzer said: > So just to be clear, I am not complaining that GnuPG implemented the > LibrePGP version of OCB. I am complaining that GnuPG did #2 and #3 > before implementation was close to universal and did not clearly spell Sorry, this is not true. OCB mode is

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-05 Thread Bruce Walzer
It seems to me that there are at least 3 decisions to make when considering the implementation of a new block cipher mode: 1. If your implementation will receive the block mode. Receiving a block mode does not cause an interoperability problem. If anything, this improves interoperability. 2.

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-05 Thread Werner Koch via Gnupg-users
I can do is to give my perspective of this which is based on my experience re-implementing a free PGP version since 1997 and while doing that taking part in the OpenPGP specification process which started at the same time. > https://security.stackexchange.com/questions/275883/should-one-really-

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-05 Thread Tobias Leupold via Gnupg-users
asked for what to do on Stack Exchange: https://security.stackexchange.com/questions/275883/should-one-really-disable-aead-for-recent-gnupg-created-pgp-keys The answer started with: > While authenticated encryption (AEAD) is good - especially for something > like OpenPGP, which is an

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-05 Thread Werner Koch via Gnupg-users
On Mon, 4 Mar 2024 19:05, Tobias Leupold said: > IMO interoperability with GnuPG is crucial for this project. Most > people using that on their phones will come from Linux, or they will Actually most users will come from Windows ;-) Salam-Shalom, Werner -- The pioneers of a warless

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-05 Thread Werner Koch via Gnupg-users
On Tue, 5 Mar 2024 00:16, Vincent Breitmoser said: > The packet format referred to here is GnuPG-specific. In November Vincent, please stop spreading wrong facts. That is not a GnuPG specific but an agreed upon format by the participants of the OpenPGP WG and implemented by all major

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Tobias Leupold via Gnupg-users
Hi Vincent! Thanks a lot for this insight! When it comes to encryption, I would consider myself a "power user", but still a user. I never heard of all this until now. What I, from the perspective of an end-user, saw was: I generate a new key. And then: "Pass no work on me phone anymore,

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Vincent Breitmoser via Gnupg-users
Hey list, OpenKeychain maintainer here. As Werner chose to omit some details here that seem pertinent, I will add: No, it is not because you are delaying the deployment of new and a much faster algorithm mode. The packet format referred to here is GnuPG-specific. In November 2023, GnuPG

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Vincent Breitmoser via Gnupg-users
Hey Bruce, On 04.03.24 21:53, Bruce Walzer wrote: * https://articles.59.ca/doku.php?id=pgpfan:noae_shame There is more if you search for it: https://kagi.com/search?q=gpg+%22packet+type+20%22=no_region=HeSUA3hoI5SeCuA2TTrNig Cheers - V

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Tobias Leupold via Gnupg-users
hat. There is no hurry here. Oh my. So the answer to my question "Should one really disable AEAD for recent GnuPG created PGP keys" (or OCB/AEAD or whatever) is maybe "yes" after all ... I mean, it's hard enough for most people to use public key encryption at all. Even if the

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Bruce Walzer
On Mon, Mar 04, 2024 at 12:03:41PM +0100, Tobias Leupold via Gnupg-users wrote: [...] > After some research, I found > > https://github.com/open-keychain/open-keychain/issues/2886 , > > describing this exact issue. That would be the cipher block mode proliferation issue. > As a possible

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Tobias Leupold via Gnupg-users
Hi Werner, thanks for the clarification! > All the major implementers (Ribose RNP, GnuPG, BouncyCastle, OpenPGP.js) > took great care to first deploy the software with support for the new > mode before actually creating keys with a preference for that mode [1]. > Unfortunately a small group of

Re: Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Werner Koch via Gnupg-users
On Mon, 4 Mar 2024 12:03, Tobias Leupold said: > So: Is it wise and/or necessary to disable that for new GnuPG generated keys, > for the sake of interoperability? Or will the others catch up and implement No, it is not because you are delaying the deployment of new and a much faster algorithm

Should one really disable AEAD for recent GnuPG created PGP keys?

2024-03-04 Thread Tobias Leupold via Gnupg-users
Hi all :-) Apparently, there are some problems with the new defaults that are set when one creates a PGP key using a recent version of GnuPG (2.4). I ran into this after generating a new ECC/ED25519 key to replace my "old" RSA one. The problem showed up when I re-encrypted my pass password