ietf-openpgp
[Top] [All Lists]

Re: What this WG is doing

1997-10-29 01:57:39
At 10:39 PM +0000 10/28/97, Adam Back wrote:
Ian Grigg <iang(_at_)systemics(_dot_)com> writes:
Rodney Thayer wrote:
From: lutz(_at_)taranis(_dot_)iks-jena(_dot_)de (Lutz Donnerhacke)
IMHO: We can't document features or bugs made by a company while we are
working on the draft. We can't document bugs as features. Several
implementation flaws of PGP 5.x must be cleared in this draft.

Exactly what flaws of PGP 5.x that manifest themselves as aspects of the
message format are you referring to?

Anything to do with CMR.  This issue is well documented elsewhere,
elsetime, so I won't repeat it here (let me know if I should summarise).

Seconded -- no CMR.

Experimental new features should be implemented outside the standard.
IETF is supposed to document current practice, not bleeding edge
experiments of one vendor -- standards lag behind, and that's the way
it should be.

In general this is not correct, Adam.  There are numerous examples of
experimental work done within the IETF.  Good current examples include
multicast protocols, and IPv6.

However, our goal is not to go too far afield with PGP.

Clearly CMR is a contentious issue within this group (and elsewhere).
Rightly or wrongly, there is a perceived need for it by some who
nevertheless wish to encourage greater use of cryptography to protect their
organization's communication from others.

My view is that the protocol we produce should never mandate CMR.  But it
would be wise to document a means to implement it for those willing to risk
potential limitations on their interoperability with others.

So far, I see arguments on both sides of the issue.


It is possible to implement functionality extensions interoperably
outside the standard in that a proprietary extension can be used only
for communications between so enabled software.  The same kind of hack
to distinguish recipient type can be used as is currently used to
distinguish between things like pgp2.x, cryptix2.2.2 and pgp5.x -- the
keys have different version numbers.

We're not that far apart in our attitude here.

john  w noerenberg, ii
jwn2(_at_)qualcomm(_dot_)com
pager: jwn2(_at_)pager(_dot_)qualcomm(_dot_)com
  --------------------------------------------------------------------
  "The great man is he who in the midst of the crowd keeps
   with perfect sweetness the independence of solitude."
  -- Ralph Waldo Emerson, "Self Reliance", 1841
  --------------------------------------------------------------------