AFAICT this is GnuPG specific and not OpenPGP related? Since GnuPG has pulled out of standards compliance anyway there are many better options. Sequoia chameleon even has drop in tooling for most workflows.

▲

rurban 20 hours ago | parent | next [-]

They presented critical parser flaws in all major PGP implementations, not just GNU PGP, also sequoia, minisign and age. But gpg made the worst impression to us. wontfix

▲

pornel 11 hours ago | parent | next [-]

Sequoia is mentioned in only one vulnerability for supporting lines much longer than gpg. gpg silently truncates and discards long base64 lines and sequoia does not. So the vulnerability is in ability to feed more data to sequoia which doesn't have the silent data loss of gpg.

In all other cases they only used sequoia as a tool to build data for demonstrating gpg vulnerabilities.

	▲	tptacek 10 hours ago \| parent [-]
		The vulnerability that opens the talk, where they walk through verifying a Linux ISO's signature and hash and then boot into a malicious image, impacts both GnuPG and Sequoia.

▲

akerl_ 19 hours ago | parent | prev [-]

Since when are age or minisign PGP implementations?

	▲	pornel 11 hours ago \| parent \| next [-]
		They're not, but the flaws they found are independent of PGP. Mainly invalid handling of strings in C and allowing untrusted ANSI codes in terminal output.
	▲	some_furry 17 hours ago \| parent \| prev [-]
		The talk title includes "& Friends", for what it's worth.

▲

upofadown 17 hours ago | parent | prev | next [-]

I think it would be more accurate (and more helpful) to say that the two factions in the OpenPGP standards schism[1] have pulled away from the idea of consensus. There is a fundamental philosophical difference here. The LiberePGP faction (GnuPGP) is following the traditional PGP minimalism when it comes to changes and additions to the standard. The RFC-9580 faction (Sequoia) is following a kind of maximalist approach where any potential issue might result in a change/addition.

Fortunately, it turned out that there wasn't anything particularly wrong with the current standards so we can just do that for now and avoid the standards war entirely. Then we will have interoperability across the various implementations. If some weakness comes up that actually requires a standards change then I suspect that consensus will be much easier to find.

[1] https://articles.59.ca/doku.php?id=pgpfan:schism

▲

tptacek 17 hours ago | parent [-]

I'm sure getting a "nothing's particularly wrong with the current standards" vibe from this talk.

▲

upofadown 16 hours ago | parent | next [-]

Some of these are suggesting that an attacker might trick the victim into decrypting a message before sending to the attacker. If that is really the best sort of attack you can do against PGP then, yeah, that is the kind of vibe you might get.

▲

singpolyma3 16 hours ago | parent | prev [-]

The talk doesn't even cover anything from the current afaict

	▲	tptacek 16 hours ago \| parent [-]
		I believe that's incorrect but we may be referring to different things as "current".

▲

somethrowa123 20 hours ago | parent | prev | next [-]

no, some clearsig issues are a problem in openpgp standard itself

▲

Analemma_ 18 hours ago | parent | prev [-]

The specific bugs are with GPG, but a lot of the reason they can exist to begin with is PGP’s convoluted architecture which, IMO, makes these sorts of issues inevitable. I think they are effectively protocol bugs.