[Top] [All Lists]

expediency and avoidance of politics

1997-11-24 17:14:46

It seems to me that the debate over CMR and it's more secure
alternatives could easily be deferred to OpenPGPv2 with no
compatibility issues.

The way that CMR/ARR field is encoded in the draft is that it is a
signature subpacket type.  Signature subpacket types are extensible;
that is an implementation already has a defined method to safely
ignore subpackets it does not understand.  This means that no one will
experience compatibility problems if the experimental CMR subpacket is
only implemented by PGP Inc.

Avoiding, or deferring the political debate seems like it would be a
good idea for a number of reasons:

- it would allow us to focus on getting OpenPGPv1 out in a timely

- it would allow more time for PGP Inc to get feed-back on this
  controversial experimental feature from their customers as to how
  CMR performs functionally in practice (I am expecting there will
  be complaints about the lack of ergonomic recovery from forgotten
  passphrases -- all files have to be re-encrypted), how the security
  of the system holds up (how well companies are managing very
  sensitive CMR master keys), and to gauge customers acceptance of the
  feature politically.

- it will give time for more secure competing proposals (such as local
  escrow) to be developed for recovery from forgotten passphrases.

The consolidation phase would then be in OpenPGPv2 where the better
solution would be chosen in OpenPGPv2 for standardisation.


<Prev in Thread] Current Thread [Next in Thread>