On 2024-11-22, Frank Guthausen <fg.deb...@shimps.de> wrote:
>> 1. The GnuPG upstream forked the OpenPGP standard into his own
>> thing called LibrePGP, and GnuPG 2.4 implements that new thing
>> and is by default incompatible with other OpenPGP implementations.
>
> Which kind of default incompatibility is implemented in GnuPG 2.4?

GnuPG people withdrew from the OpenPGP standardization process because of irreconcilable differences between parts of the working group, and have gone a different way of standardizing what's being done, called LibrePGP. LWN did an article in December about it.

One of the biggest issues in the newest version of the OpenPGP standard is, according to GnuPG people, the need in the OpenPGP standard to have 3 different ways of doing AEAD. One of them is quite a bit more complex than the others while not as such better, except if your business model involves storing users' private keys on your servers, which I consider a bit questionable.

The OpenPGP standard only has one of the 3 as required (the theoretical best one), but the others are optional to implement. OpenPGP.js defaults to the complex one that is optional.

LibrePGP is supported by GnuPG and RNP (the PGP component of Thunderbird).
The new OpenPGP spec is supported by Sequoia and the libraries done by ProtonMail.

/Sune