ietf-openpgp
[Top] [All Lists]

Re: hand huffman encoding at PGP world HQ

1997-11-23 11:20:41
Adam Back wrote:

I just read the draft.  Lots and lots of bit twiddling, 0 < x < 192 if
this bit is set, then 2 << x-192+y if this bit set, 8 bit proprietry
floating point format, the legacy length of length bit twiddling (0 in
two bit field masked out of CTB is 1 byte length field, 1 is 2 byte, 2
is 3 byte 3 is undefined).

Arrrgh!

All this bit twiddling and little hacks to scrimp on an extra bit here
and there is dangerous!  Which hacker is it at PGP Inc that thrives on
these bit twiddling hacks?  Come one 'fess up!

To be fair, when pgp[12].x was being hacked up, modems where slow, the
Internet was still non-commercial, hacker power rulze OK.  The whole net
was singing "every bit you save, we'll be watching you,..."

It's also true that PGP Inc still believe that bit-saving is a Good
Thing; someone on mac-crypto is arguing (Will Price?) that S/MIME is bad
because it has sigs in the two to ten K range, in complete contrast to
the lessons of Microsoft and the Internet.



Simplifying the structure and so forth is a good idea.  I wish.  But you
are arguing for a new standard that would be completely non-compatible. 
It's logical that you would argue that a minimal implementation such as
this would only include pgp2.6 compatibility, and even pgp5.x
compatibility, as a may.

Many have argued on this list for this sort of thing, and maybe it is
time to reverse the opportunity versus interoperability priorities.

Maybe it is time to recognise that the Open PGP result will be
incompatible with the user base, and no holds are barred.  That the
current software base is not suitable for standardisation.

From a commercial point of view this is very attractive.  Rewrite from
the ground up makes more sense, as I agree with you that the cost of
implementating a simple  standard from scratch is less than the cost of
implementing the pgp5.x model.  Then, introduce a compatibility hack
using pgp2.6 for the "classic" segment (if you can, simply invoke the
old pgp.  Guarunteed interoperability :-) .

There is an issue here on commercial grounds that will probably provoke
some interesting discussions.
-- 
iang                                      systemics.com

FP: 1189 4417 F202 5DBD  5DF3 4FCD 3685 FDDE on pgp.com