> Unless you are on Windows where the server can't be accessed because it > uses a pretty limited set of TLS cipher suites. Thus the majority of > GnuPG encryption users are out of luck.
Huh, that's interesting. I was not aware of this issue, and wish you had reached out to me, or to supp...@keys.openpgp.org, or filed an issue on Hagrid. > Even with the fear of padding oracles on CBC and old as well as a forthcoming > attack, the restriction of the server to use only GCM based cipher modes is > not helpful. This BSI requirement was not known to me. While it would be preferable to stick with AEAD ciphersuites, I would of course add another ciphersuite if you say you consider this a worthwhile tradeoff. It would be good to sort out the policy issue at some point as well, but I understand that won't happen overnight. - V _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users