
ECC Ed25519/Curve25519 ready as default?
On Thursday 25 April 2019 13:50:34 Dirk Gottschalk wrote:
> On Thursday, 25.04.2019, 08:42 +0200 Bernhard Reiter wrote:
> > Is ECC ready to be the default?

Which probably means Encryption ECDH RFC7748: Curve25519
and Signature EdDSA RFC8032: Ed25519, see https://wiki.gnupg.org/ECC.

> I am concerned that such a default switch would break the compatibility
> to many running foreign implementations of OpenPGP.

Best would be to compile a list (e.g. in the wiki)
as documented basis for a decision.

> Openkeychain, for example, does not support ECC, or it did not.

Its docs say it does since v2.8 (2014-08)
and more specifically Curve25519 since v4.9 (2018-02)

https://github.com/open-keychain/open-keychain/blob/HEAD/OpenKeychain/src/main/res/raw/help_changelog.md
https://github.com/open-keychain/open-keychain/releases

> I think we should establish the standard for ECC in OpenPGP first and
> then wait a while before switching to ECC as default.

Personally I've heard that progress on RFC4880bis is difficult,
so if it does not go forward, there still should be a point to switch the
default.

Best Regards,
Bernhard

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: ECC Ed25519/Curve25519 ready as default?
On 25.04.19 at 14:09 Bernhard Reiter wrote:
> Best would be to compile a list (e.g. in the wiki)
> as documented basis for a decision.

Such a list should probably include frontend support as well, at least
for the major frontends. AFAIK, GNOME seahorse does not, at least it
does not offer creating ECC keys.

Andreas



_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: ECC Ed25519/Curve25519 ready as default?
On Fri 2019-04-26 10:14:51 +0200, Andreas Heinlein wrote:
> On 25.04.19 at 14:09 Bernhard Reiter wrote:
>> Best would be to compile a list (e.g. in the wiki)
>> as documented basis for a decision.
>
> Such a list should probably include frontend support as well, at least
> for the major frontends. AFAIK, GNOME seahorse does not, at least it
> does not offer creating ECC keys.

creating ECC keys isn't the issue here -- the issue at hand is
interoperability: if an implementation like GnuPG *does* default to
creating an Ed25519 key, how much of the deployed OpenPGP ecosystem will
fail to interoperate with such a key?

fwiw, i think GnuPG has been so entrenched that one of the main factors
for delay here will be with previous versions of GnuPG itself (someone
has already mentioned Debian Jessie on this thread).

But i agree that a list of commonly-used OpenPGP implementations, and
the versions at which they gained the ability to handle the different
ECC algorithms would be a useful thing to have.

--dkg
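One practical input to the interoperability question raised above is knowing which keys in a keyring already use ECC and which are still RSA/DSA-only. The following is an added example, not code from the thread or from GnuPG itself: it parses the machine-readable `gpg --list-keys --with-colons` format (field 4 is the public-key algorithm id, field 17 the curve name, field 10 the fingerprint or user id, as documented in GnuPG's doc/DETAILS) and classifies each key as all-ECC, legacy, or mixed (legacy primary with an ECC subkey). The records it reads are constructed sample data.

```python
# Added example (not from the thread or GnuPG): inventory which keys in a
# keyring use ECC. Parses `gpg --list-keys --with-colons` records: field 4
# (index 3) = algorithm id, field 17 (index 16) = curve, field 10 (index 9)
# = fingerprint / user id. The records in SAMPLE are constructed.
ECC_ALGOS = {18: "ECDH", 19: "ECDSA", 22: "EdDSA"}   # OpenPGP algorithm ids

SAMPLE = """\
pub:u:255:22:0123456789ABCDEF:1556200000:::u:::scESCA:::::ed25519:::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:u::::1556200000::HASH1::Alice <alice@example.org>::::::::::0:
sub:u:255:18:FEDCBA9876543210:1556200000::::::e:::::cv25519::
pub:u:2048:1:1111222233334444:1500000000:::u:::scESC::::::::::
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC1111222233334444:
uid:u::::1500000000::HASH2::Bob <bob@example.org>::::::::::0:
sub:u:2048:1:5555666677778888:1500000000::::::e::::::::::
pub:u:2048:1:9999AAAABBBBCCCC:1540000000:::u:::scSC::::::::::
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDD9999AAAABBBBCCCC:
uid:u::::1540000000::HASH3::Carol <carol@example.org>::::::::::0:
sub:u:255:18:DDDDEEEEFFFF0000:1556300000::::::e:::::cv25519::
"""

def parse_keys(text):
    """Group colon records into primary keys, each with its key components."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"fpr": None, "uid": None, "parts": []})
        if not keys:
            continue                      # e.g. the leading "tru:" record
        key = keys[-1]
        if f[0] in ("pub", "sub"):
            key["parts"].append((f[0], int(f[3]), f[16] if len(f) > 16 else ""))
        elif f[0] == "fpr" and key["fpr"] is None:
            key["fpr"] = f[9]             # keep the primary fingerprint only
        elif f[0] == "uid" and key["uid"] is None:
            key["uid"] = f[9]
    return keys

def classify(key):
    """'ecc' if every component is ECC, 'legacy' if none is, else 'mixed'."""
    flags = [algo in ECC_ALGOS for _, algo, _ in key["parts"]]
    return "ecc" if all(flags) else "legacy" if not any(flags) else "mixed"

def ecc_report(text):
    """Return (fingerprint, uid, classification, sorted curve names) per key."""
    rows = []
    for key in parse_keys(text):
        curves = sorted({c for _, a, c in key["parts"] if a in ECC_ALGOS})
        rows.append((key["fpr"], key["uid"], classify(key), curves))
    return rows
```

Feeding it real output (`gpg --list-keys --with-colons | python3 -c 'import sys; ...'`) gives the count of correspondents whose keys an older OpenPGP implementation could not use, with "mixed" keys being the case where signing still works but encryption to the ECC subkey does not.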