[pkg-gnupg-maint] Bug#1104589: gpg: When selecting Ed448, GnuPG creates non-standard artifacts
Justus Winter
justus at sequoia-pgp.org
Thu May 15 15:42:06 BST 2025
Frank Guthausen <fg.debian at shimps.de> writes:
> On Fri, 02 May 2025 15:49:48 +0200 Justus Winter
> <justus at sequoia-pgp.org> wrote:
>>
>> when creating an Ed448 key, GnuPG creates a non-standard artifact:
>
> Which standard/version are you referring to?
I was observing a member of the Debian community creating such an key,
and then unsuccessfully trying to upload it to various key servers, as a
pre-requisite to getting it certified by other people. Therefore, I
think GnuPG as packaged by Debian did them a dis-service, and I wanted
to report that.
Being an OpenPGP developer, I expressed this from a very technical
angle, whereas I should have focused on the user experience. For
example, I wouldn't have objected to GnuPG creating a version 4 primary
key using EdDSA over Ed25519, though technically that also is kind of a
non-standard artifact [0] even though it was standardized after the fact
[1]. But, it is a widely supported artifact that the user would have
had no problems submitting to key servers and having other software
interoperate with.
0: https://datatracker.ietf.org/doc/draft-koch-eddsa-for-openpgp/
1: https://www.rfc-editor.org/rfc/rfc9580.html#section-9.2-6
Best,
Justus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 584 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20250515/d5e01bcf/attachment.sig>
More information about the pkg-gnupg-maint
mailing list