ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Requesting the editor to step down

2020-04-21 04:48:28
from [Justus Winter] [Permanent Link] 
Werner,

Vincent expressed concerns about *how* you fulfilled the role as the
editor, not *what* you did as editor.  Your response is only about
technical details.

Werner Koch <wk(_at_)gnupg(_dot_)org> writes:


On Fri, 17 Apr 2020 10:35, Ronald Tse said:


The said issues would be better resolved by finalizing the RFC 4880bis
document and publishing it.


Except for some unimportant details we already had rough consensus on
the I-D a long time ago.  There are even at least 3 interoperable
implementations of the new features.


There is clearly no consensus, not even a rough one, on key aspects of
the draft.  The fact that there are multiple implementations supporting
the features of said draft does not change that.

On the contrary: The official appearance of the draft and the fact that
the main author and editor of that draft also controls the most widely
used implementation is a strong incentive to implement it.  As an
implementation, you need to be compatible with GnuPG, whatever it does.
If GnuPG starts emitting something, you should better be ready to
consume it, otherwise your users will assume that your implementation is
faulty.  But, that is not consenting, that is being bullied.

From the top of my head, areas of major contention are the scope of
changes and AEAD.


With the attacks on the keyserver in the last summer there was the idea
to add countermeasures to the I-D.  They are now specified (attestation
key signatures) and I am not aware of technical problems with that
proposal.


Vincent mentioned a major technical problem with this: What is supposed
to be hashed for attestation signatures differs from all other
signatures.  There is no motivation given for this.  This either needs
to be aligned with how other signatures are computed, or properly
motivated.


Right, the Key Block subpacket[1] has not yet been discussed but I hope
this is non-controversial because it is another workaround for the
keyserver problems and allows for better decentralized use.


Have you considered discussing this with us?

For the record, this idea has been discussed on this list before [0],
and there were concerns raised in that thread.

0: 87ef6v71jm(_dot_)fsf(_at_)europa(_dot_)jade-hamburg(_dot_)de


All the best,
Justus

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Requesting the editor to step down, Ronald Tse
Next by Date:  Re: [openpgp] Requesting the editor to step down, Justus Winter
Previous by Thread:  Re: [openpgp] Requesting the editor to step down, Ronald Tse
Next by Thread:  Re: [openpgp] Requesting the editor to step down, Brian G. Peterson
Indexes:  [Date] [Thread] [Top] [All Lists]