On 13 Sep 2025, at 07:25, Jacob Bachmeyer via Gnupg-devel 
<[email protected]> wrote:
> 
> Do I correctly gather that LibrePGP defines v5 and RFC9580 defines v6?

Partly, yes. LibrePGP defines version 5 keys and signatures, type 20 AEAD/OCB 
encrypted data, and various other minor changes. RFC9580 defines version 6 keys 
and signatures, SEIPD2 encrypted data, and other changes - some of which 
correspond to LibrePGP and some of which do not. “v5” and “v6” are often used 
as shorthand, but they do not capture the whole picture. Daniel’s summary at 
https://mailarchive.ietf.org/arch/msg/openpgp/aqBy97lj2P4DVxTds0eKZDVdmms/ is 
technical, but comprehensive. 

> If so, where is the problem?  What prevents both of those from co-existing 
> and implementations eventually supporting both?

Technically, there is no fundamental issue - several library implementations 
currently support both, to various extents. The real trick is how to present 
(or avoid presenting) these changes to the user. Choreographing a version bump 
is tricky enough at the best of times — organising two competing ones 
simultaneously has taxed the minds of many people in the *pgp space to 
destruction and back.

As Kai pointed out in another reply, there are mechanisms (both current and 
potential) available to help ease a transition, but these all depend on the 
various implementations playing nice with each other. If one major 
implementation does not wish to cooperate, users of all implementations will 
inevitably stumble over interoperability issues at some point, and mitigating 
the resulting pain is very difficult, and probably impossible, through 
unilateral action.

A
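
The version octets and packet types named in the reply above can be read directly from OpenPGP packet headers. The following is an added example, not part of the original message and not code from GnuPG or any implementation discussed; the function names and the sample bytes are constructed for illustration, and each sample body carries only its version octet.

```python
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}

def read_packets(data):
    """Yield (tag, body) for every definite-length packet in data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in the low 6 bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header: 4-bit tag, 2-bit length type
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            length, i = int.from_bytes(data[i:i + (1 << ltype)], "big"), i + (1 << ltype)
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def classify(tag, body):
    """Name the specification that a packet's tag and version octet point to."""
    version = body[0] if body else None
    if tag in KEY_TAGS or tag == 2:  # key material or signature
        spec = {5: "LibrePGP", 6: "RFC 9580"}.get(version, "RFC 4880 baseline")
        return f"v{version} {KEY_TAGS.get(tag, 'signature')}: {spec}"
    if tag == 18:  # SEIPD: version 2 is the RFC 9580 form
        return f"SEIPD v{version}: " + ("RFC 9580" if version == 2 else "RFC 4880 baseline")
    if tag == 20:  # LibrePGP OCB encrypted data packet
        return "OCB encrypted data (type 20): LibrePGP"
    return f"tag {tag}: not version-specific here"

# Constructed sample: five packets whose bodies hold only a version octet.
SAMPLE = bytes.fromhex("980105 c60106 c20104 d20102 d40101")

def report(data):
    return [classify(tag, body) for tag, body in read_packets(data)]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```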