I also absolutely agree with Adam's suggestion of simplifying data
structures. I'm just starting to implement PGP 5 packets; they are
*horrendously* over-complicated by the facts Adam mentioned. As he has
said before, "bits are cheap" - we can spare a few here and there ;-)
A scheme with "32 bit length fields, whole byte (gasp the extravagance,
a whole 8 bits!) packet types, 64 bit CFB etc." would be much easier for
new implementors. Using standard cipher-block-sized CFB would make it
*much* easier for people to implement PGP with any of the crypto
libraries springing up, without requiring said libraries to do
non-standard encryption modes. It may also reassure relatively new
crypto people that we are not doing anything 'funny' which may
compromise security. (I know we're not, but it's easier to explain to
someone who doesn't know that if you can simply point to a page in
Schneier).
Of course keep the description of the current system for backward
compatibility as a MAY. But to quote Dave Crocker yet again ;-), we can
view our nascent standard's non-MUST backward compatibility as a problem
or an opportunity. I think we should seize this opportunity now while we
have the chance.
Ian.