As I have to keep reminding folks every few months, the charter of this
WG was to update the old RFC-1991, document the actual design of PGP
5.0, make some choices about what we were going to keep (IETF assumes
change control), and specifically was supposed to avoid disenfranchising
earlier PGP users.
The second deliverable, which as I remember was a PKI, we dropped from
the Charter.
This was not supposed to include 5.5, and certainly not 6.0.
Unfortunately, Callas turned out to be incredibly slow at writing
documentation. A typical programmer problem. So, what should have
taken at most 3-4 months, took over a year.
Meanwhile, they've come out with new versions. Can you blame them?
Silly folks are trying to make enough to keep eating....
From: "William H. Geiger III" <whgiii(_at_)invweb(_dot_)net>
What exactly is the point of having a RFC if the PGP guys at NAI are not
going to follow it? I had made the assumption that the PhotoID was being
added as a subpacket to the self-signature, as this would be supported by
the I-D and seemed like a logical place to put it.
But we don't have to follow them. Let's put the packet in the right
place in a "modifications" RFC. I'm sure they will come out with a 6.1
to follow the IETF. :-)
Note to the NAI people on the list:
You guys have know about this PhotoID for some time now. Why is it that we
are only hearing about this now? And even more germane, why are we hearing
about it from someone other than one of you?
If every time NAI makes a new release we have to hack through the code and
the output, what is the point of having an RFC at all?? It does not bode
well for a standard when the principle vendor breaks it with their 1st
release.
WSimpson(_at_)UMich(_dot_)edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32