I'm gonna keep this. A good example of how a government bid for an open-source development is having an outsized impact. Ironically, it happened as the gov were switching away from Linux to Windows.
Where I am, so much of the government money is wasted on code that ends up nowhere. Neither in the hands of the public nor where it's supposed to go.
On the one hand, I am glad it finally got the proper funding. On the other hand, I would prefer more effort going into more modern implementations [1] or protocols [2][3].
And here we go, typical HN post flogging the virtues of GPG/PGP alternatives as some sort of "modern" implementation that by virtue of "modern" somehow makes it better than GPG.
In my day we used GPG and we liked it. Need to use a smartcard with a GPG key to SSH? Well, tie an onion to your belt and get ready to pull a standing triple gainer in bash. Did you get the password prompt? Well, now it's time to dive further, young Padawan. Ease the cover of your X11 book open and pore through the warm inviting text of no fewer than three pinentry programs. Balance the PGP and GPG manuals on each knee (that's what the onion's for, ya goof!) and study the .gpg config, as ed25519 may, or may not even be a PGP standard... Perhaps the pin is entered properly in another TTY, so plug in your TTY monitor and get to work! Easy as pie. Still doesn't work? Perhaps you still need to do a subkey cross-signature for your detached authentication keys? It is now 4 AM, which is when most "people" sleep but the prime witching hour for GPG divinations, stay true and persist!
Now some people might say "validation and trust" are issues, but back in my day we had key signing parties. Oh, they were all the rage, haughty and formal door-knob licking festivals (pre-COVID, mind you) where you could greet your colleagues balancing a stale cookie on a plate and confirm --in the flesh-- this key was honest, and true and matched perfectly the arabica halitosis of the keyholder as they spittle their way through tales of last year's divorce. Did your colleague from Brussels get a haircut? He's dead to you now. Revoke the key, burn every chair in your home, and seek out his new truth. To the GPG key servers!
And kids nowadays will bemoan "keyservers!" Rubbish. Why, there's no more telltale glory than to sit at the helm of a CGI web form from 1991 as its calcified backend tucked deep in the bowels of some learn-a-torium lurches along the SunOS disk platters querying an ocean, NAY, a veritable drowning pool of old keys of yore from anyone and anything. The mirthful chuckle from your first 512-bit key 17 years ago will sustain you! As you begin encrypting your message in no fewer than the seven keys listed for the faculty member to which you wish to divulge your nana's fudge recipe.
And good desktop management tools -- SCCM is a beast to set up but it's extremely powerful and there is nothing, even from Apple, as comprehensive and mature as AD.
It's not really surprising that a 100b company who specializes in writing software for specific business office-ish use-cases can beat an ad-hoc group of corporate volunteers mostly focused on the developer experience and the server space.
GnuPG needs to push to update OpenPGP to stay alive. OpenPGP needs to be updated. It lacks modern AEAD (the practical impact of a better authentication might be low in many use cases; but it has become a political problem).
The code base and CLI could also be modernized so that developers could easily use its API. Sequoia is doing a good job here.
>...the practical impact of a better authentication might be low in many use cases; but it has become a political problem...
In the ways that GnuPG is normally used the practical impact is zero because that is not how a stateless, offline protocol works. The content is authenticated by signing it directly, thus avoiding the extra complexity of a stateful connection-oriented authentication scheme. The details here:
This is such a random argument, and you bring it up in every thread about PGP. No, it's not at all the case that authenticated encryption is only meaningful in "stateful, online protocols", nor is it the case that signatures and authentication tags are interchangeable. Even PGP doesn't agree with this weird argument.
The state is the authentication here. For stuff that is only sent once you can check the signature and you are done. Otherwise you have to maintain it for the duration of the connection and you are not going to want to sign every single message sent.
Newer versions of GPG do support AEAD modes of operation, but AFAICT they only appear in the "encrypted data" part of the resulting bucket of data and not in the "signature" part. The algorithms are generally supported though; search for 'aead':
The world is going to be locked into legacy CFB+MDC PGP pretty much indefinitely (because of the need to be compatible with an installed base which, owing to asynchronous messaging, can't be queried or negotiated with). As a result, to defend PGP as an ongoing practice, you're rhetorically required to argue that authenticated encryption --- not just modern AEAD, but the whole concept of authenticating ciphertext --- is overrated; 20 years of cryptographic research be damned.
As per the links I posted, drafts have been written acknowledging AEAD as something worth having, and code has been added to support those cipher modes. I don't think that anyone is ignoring authenticating cipher text. But as you said, there's an installed base of, e.g., RHEL7, that cannot handle that. Some code does not churn as fast as semi-monthly web browser releases.
If you do not like PGP/GPG, you 'just' have to create a better way of doing things, and then 'just' have to convince everyone to switch their workflows to it.
I did notice that many GPG implementations (for email) are Germany-based. Interesting. Also, I hope other governments will start to offer their public keys as a means for encrypted submission of sensitive documents.
Rohde&Schwarz is better known for their test equipment.
Think oscilloscopes, spectrum analyzers and signal generators. They also sell massive amounts of production line testers for cellphones.
They are one of the big 3 in this field along with Anritsu and Keysight.
I am strongly anti-militaristic, but I'm glad if such horror has to exist some funds end up in FLOSS projects that directly benefit the general public (not some random FLOSS project that only makes sense for the military) instead of always the same proprietary software vendors who are quite comfy with the whole military industrial complex (like Thales).
The concern many have with military involvement in encryption and other security standards is that while they want for themselves exactly what we want for ourselves, they have an internal conflict of interests due to the fact that they want a bit of the exact opposite for other actors¹ which, if those concerns win out and they have the influence to force through or block changes, this could lead to security issues² that potentially affect you or me.
[1] They don't want the enemy (whoever that happens to be at the time) to be able to keep secrets as securely as they want to keep their own secrets.
[2] An accidental backdoor or side-channel vulnerability not fixed nor mitigations made known publicly, because it is useful once discovered and they have mitigations to protect their use, for instance.
That's why it's a good thing it's a FLOSS solution. Despite a track record of bad code and security, GPG has always been good-willed, and has progressed over the years. For sure having more eyes/resources on the code can only help. Also the recent Sequoia PGP project can prove to be an inspiration for further improvements.