At 09:45 AM 11/5/97 -0500, Darryl L. Rowe wrote:
IMO, Phil/PGP should simply present the standard to IETF for
review, make any modifications, resubmit and so on a couple more
times and present a finished product.
This group simply illustrates to me the fundamental rule that to
really screw things up requires a committee. Though W. Geiger,
Jon and a couple others are signalling quite well, others have
an enhanced noise level which seems to be subverting any
progress while others (i.e. RSA) manage to get their PR licks in
on other fronts. (Wonder if any posters are RSA stooges ...?)
Thanks for the vote of confidence, but I disagree comepletely about just
"presenting" something to the IETF.
Before we at PGP Inc. started this working group, we informally discussed
something that we called "unencumbered PGP." This was PGP with no
encumbered algorithms. PGP 5.0 was the first stab at it. Actually, PGP 3
was the first stab at it, from even before the formation of PGP Inc. All we
did at PGP Inc. was to put a name to what had already been happening. (PGP
5.0 was the first release of the long-awaited "PGP 3" code. It got its
number bumped to 5 because of the Viacrypt products numbered "PGP 4.x" that
were actually modifications to 2.6.x.)
There were also a number of other things that were happening related to
that. Most importantly, we did not document the new key formats adequately.
We put out a newsletter (called The Zimmermann Telegram) this spring that
had notes on the new key and signature formats. When we did that, I sat
down with a copy of RFC 1991 and the Zimmermann Telegram article and
started writing some PGP-compatible utilities. I ended up with a long list
of deficiencies, exceptions, and oh-by-the-ways that made it impossible to
use those as specs.
This concerned me, because there are a number of people who make
PGP-compatible software who weren't going to have an easy time making it
work with the new stuff. I started lobbying to get this done. In those
days, we believed that the EAR provisions about providing "technical
support" being an export precluded us from documenting the packet format
except with ink on paper, too.
I also wanted to revise the packet format. I dislike the "hand
huffman-coding" in the PGP formats. There are other idiosyncratic things in
the way PGP works that I have no opinion about, but other people don't
like. I thought that housecleaning was in order. There are of course
problems with doing a housecleaning, particularly in migrating old software
forward, but that doesn't mean I don't want to houseclean, only that I
understand I'm not likely to see that desire fulfilled.
I don't know who exactly came up with the idea for an OP working group. It
was some combination of Charles Breed and me, sometime in late June. We
discussed the possibility with people in the IETF and people at PGP. We
warned people at PGP that making something be an IETF standard means change
control is released to the IETF, encumbered algorithms are disallowed
(which we were doing anyway), and so on. I warned people that PGP 5.x would
probably not be OP-compliant. Everyone agreed this was okay. (By the bye,
according to the spec I'm now finishing up, it isn't.) We agreed to all the
requirements that other people who want to make IETF standards have to.
This includes the SECSH people, the TLS people, and anyone else who starts
from proprietary technology.
We got a BOF for Munich. We called it OpenPGP so that everyone would know
what it meant. We also started working on an OpenPGP draft for Munich.
Everyone who worked on that draft worked very hard, but it was only less
woefully inadequate than what had gone before.
At the BOF in Munich, we put everything on the table. I said, "everything
is negotiable." At Munich, we were told that we've followed the procedures
more closely than most working groups do. We were also given the advice,
"stop being so nice." As the team of us formed the working group, we
settled a number of the questions left open at the BOF. One was that there
is to be no new format, we'd start OP from PGP 5.x because PGP 2.6 can't be
an IETF standard, the PGP 5 formats solve those problems, solve the
security weaknesses of the PGP 2.6, and they predate PGP Inc., too. If you
want to propose new formats once OP 1.0 is finished, that's fine with me!
I'm the editor for OP-FORMAT 1.0. My personal goal for the OP working group
is to get OP done ASAP, in such a form that anyone -- PGP Inc., Systemics,
Bill Geiger, and so on can build interoperable, expandable products from
it. And then I want to leave. I'm an engineer, not a spec maven.
By the bye, I want to say now that I've been grumpy about the October date
for the OP-FORMAT draft. When the WG was formed, I said I wasn't going to
make it, but I could make a Thanksgiving date. I am someone who thinks
schedules are there to be met, not broken. I loathe being forced to play
for down one, if you'll pardon the bridge metaphor. I'm pretty sure I can
get the draft to John, Lutz, and Rodney by Friday so that it can be on an
FTP site after they are done with it, but it's not a foregone conclusion.
Like I said before, OP-FORMAT is not just a documentation of PGP 5.x. It's
based on PGP 5.x, but it has changes in it to make it a good IETF standard,
and PGP will have to catch up to that.
Jon Callas jon(_at_)pgp(_dot_)com
Chief Scientist 555 Twin Dolphin Drive
Pretty Good Privacy, Inc. Suite 570
(415) 596-1960 Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)