-----BEGIN PGP SIGNED MESSAGE-----
Lutz Donnerhacke wrote:
* Paul Hoffman / IMC wrote:
I hope that the next version of the OpenPGP draft says what is required,
what is suggested, and what's completely optional. The phrase at the
Should I? Suggestions?
My position is that the first draft should seek to document the existing
software. If the existing software has optional paramaters, then it can
However, as a practical issue, we need to pick a single, published code
base from which to derive a standard. My understanding is that this is
PGP 5.0. Therefore, the logical approach is to document what PGP 5.0
does. From this point of view, there is no inherent need to "suggest"
or make optional, because PGP 5.0 does it or it doesn't.
However, there will be some points of confusion, as PGP does make some
difficult choices that fly at odds with something or somebody
somewhere. The two contentions that spring to mind are:
* the infamous CMRK packets that play their part
in an emerging PGP architecture to meet corporate needs,
* the decision to default to ElGamal keys, which is
incompatible with 2.6 and before.
Not entering into IMHOs at this point, these are issues where I can see
that this forum must debate the relative merits of the code's approach
(i.e. PGP 5.0) and decide to accept, reject or modify. Here, clearly,
the require/suggest/may language becomes more appropriate.
However, these areas are relatively minor. On the whole, I believe we
need a standard that basically documents 5.0. Then we can start working
on mods and improvements.
Standards are about compatibility and bringing the existing users
together. Not about new work. New work is done by lone hackers
greeting the dawn with that last bug fix. Standards are done by
committees. This forum seems to fall into the latter category to me.
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com
-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21
-----END PGP SIGNATURE-----