We should talk about Werner Koch's response gpg.fail on the oss-security mailing list.
openwall.com/lists/oss-securit…
Yes, and actually the only serious bug from their list.
Koch either didn't watch the talk, he is in such defense of his own ego that he can't see how serious the bugs were, or he's tacitly admitting that PGP is not a serious recommendation.
Can you distinguish between these three explanations?
Could it be all of them are true?
ImpactWhile this may allow remote code execution (RCE), it definitively causes memory corruption.
Good research.
I think this sarcastic quip is what reveals Werner Koch's opinion about the security researchers and their work.
The rest of his email is measured (and partly responding to other mailing list participants rather than the disclosure directly).
adb
in reply to Soatok Dreamseeker • • •what I don't get is why you take this opportunity to attack #pgp in general, like taking the opportunity to push for some agenda, the site is called gpg.fail, GPG not PGP, most of the problems are related to gpg or some C code implementation bug, or using gpg and others in the command line and getting tricked by some ansi printing in the terminal, how that translates to "let's kill pgp"? ex. none of the listed problems affect #DeltaChat at all
(I was present in the gpg.fail talk btw)
feld likes this.
feld
in reply to adb • • •@adbenitez it's a bit like saying "After seeing the arrogance and dismissiveness of the OpenSSL devs, we should come up with a way to replace TLS and x509"
okay
Soatok Dreamseeker
in reply to Soatok Dreamseeker • • •I think 2026 should be the year that we make PGP irrelevant.
Not just GnuPG (Koch's implementation), but the entire OpenPGP ecosystem.
Most cryptographers I talk to gave up on PGP over a decade ago.
(After seeing the arrogance and dismissiveness that bled through Koch's oss-security email, who can blame them?)
If you're a country whose government mandates the use of PGP, even in obscure places, let's talk about how to replace PGP.
Petr Menšík
in reply to Soatok Dreamseeker • • •Soatok Dreamseeker
in reply to Petr Menšík • • •ArcaneChat
in reply to Soatok Dreamseeker • • •there has been so many projects wanting to replace email or claiming "email is dead" at the end of the day there is only one survivor, and it is not them
you can't kill email, it is undead
@pemensik
Soatok Dreamseeker
in reply to ArcaneChat • • •ArcaneChat
in reply to Soatok Dreamseeker • • •I see...
@pemensik
holga
in reply to Soatok Dreamseeker • • •Why do the failures of gpg imply that openpgp and rfc9580 are bad? Have you looked at modern ways of doing openpgp and email like chatmail.at does it?
See also chaos.social/@delta/1157966260…
There are also many broken ways to implement signal protocols but they are not useful as examples for discrediting signal.
Chatmail
chatmail.atDelta Chat
2025-12-28 10:04:51
Soatok Dreamseeker
in reply to holga • • •@hpk Despite the domain name being GPG focused, some of gpg.fail affected other implementations.
The only people who still want PGP to be a thing are in a fucking cult, I swear
google stapler quartermaster
in reply to Soatok Dreamseeker • • •holga
in reply to google stapler quartermaster • • •