On 2025-01-14, Stephan Verbücheln <step...@verbuecheln.ch> wrote:
> This appears silly from an engineering perspective, but there is a
> specific motivation behind it: Proton (the mail company) wants this to
> simplify the implementation of PGP with Browser APIs.

But is this motivation more important than a coherent ecosystem?

> However, GnuPG's reaction to start their own standard is not helping
> either.

I agree that it is not helping on a coherent ecosystem, but I'm also having a bit of a hard time finding any other solution from the GnuPG side for a way forward if they think that 3 different ways of doing AEAD is an absolute no-go. At least publishing a spec/standard is much better than the same thing without a spec.

A difference between GnuPG and many other implementers is that GnuPG (in libgcrypt) does most crypto by themselves where many others use third-party libraries for most crypto and thus might have stronger feelings against many ciphers.

> Bodies like IETF have to find a true consensus, not only
> majorities, because there is no way to ensure proportional
> representation of developers, users or other stakeholders.

And it was quite clear a bit early on that the GnuPG people would be in the very rough end of a rough consensus.

> The free software community is used to the problem that companies
> intentionally send new people into standardization bodies just to tip
> over the majority vote. We have seen this happen many times. In my
> opinion, the OpenPGP schism has this smell, too.

ack.

/Sune