ietf-openpgp
[Top] [All Lists]

Re: Complexity not a dominant strategy for independant deployment

1997-11-24 23:27:49
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian Grigg, <iang(_at_)systemics(_dot_)com>, writes:
Well, I have to disagree on that.  The difficulty is high.  I recall the
swearing going on when each one of the infamous bit twiddles was finally
debugged out of the Cryptix code - not pleasant to be on the same
mailgroup as that discussing yet another PGP furfy.
[...]
Up until now, it has been the fact that the only documentation was the
code.  PGP code is not the worst I've come across, but it's not the
best.  Having the code-as-dox is a reasonable strategy when it is well
written, but elsewise, you're adding a cost.  Having a complicated
standard will result in a three-way reliance of programmers on the
standard, the code and the conformance tests.

It sounds like the lack of documentation was a significant factor in
making the implementation difficult.  Hopefully with the new draft this
will change.

Maybe a more constructive approach is to ask whether the description
in the new draft is clear and useful.  The draft is lengthy, yes,
but not very much of it is occupied discussing packet length headers,
and perhaps that portion could be made more concise.  We could include
some code samples if this is an area where people are afraid of the
implementation difficulty.

Hal

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNHpsl8Dh8jnv1nHwEQKDHACdFj5mO0jAcG6btDwTMJFeOfc3lc8AnRlg
GPPyD3efAG861J8HpuaGKvEc
=thRY
-----END PGP SIGNATURE-----

<Prev in Thread] Current Thread [Next in Thread>