On Sun, Mar 15, 2015 at 3:41 PM Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
On Sun, 15 Mar 2015 18:57, singpolyma(_at_)singpolyma(_dot_)net said:
One of the big obstacles to OpenPGP deployments that I've faced over
time is the perception that it's "too complicated", mostly based on
the sheer size of the current RFC. There are two things going on
FWIW, having implemented both OpenPGP and CMS/X.509 (aka S/MIME) I can
only tell how easy it was to implement and maintain OpenPGP in contrast
to the S/MIME. Up until ECC support, only one RFC and not several every
few years changing huge RFCs with so much room for interpretation that
you can't implement them without looking at older standards and actual
implementations.
2) There are a lot of backwards-compatibility things (old-style
lengths, lots of different algorithms)
Actually there are not many algorithms. If you know two (with 64 bit
and 128 block length) you know all of them ;-). CMS hides a lot of
details by refering to BER or DER encoding and that is really hard to
test.
Agree. RFC 4880 is not terribly hard to implement in code if you focus on
the common use cases ("MUST" ciphers and modes) and ignore the optional
edge cases that very few people use in real practice. CMS and ASN.1 are
gross and painfully hard to implement by comparison.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp