ietf-openpgp
[Top] [All Lists]

Re: New packets in PGP 6.0

1998-09-08 11:34:03
A number of things:

To Bill Geiger:

Bill, this isn't the first anyone's heard of the picture ID packets. I made
a proposal that we discuss them in draft -00. I distinctly remember
discussing the issue with you in Washington, and told you that they were on
our schedule for 6.0. Phil made a couple of pleas for them, and Hal
submitted a definition suggestion to the list. It was met with a resounding
thud. William Simpson argued forcefully against them for 1.0, and since the
only people who really seemed to be *for* them were NAI people, I let the
issue drop. Ironically, the reason for *not* putting them in V1.0 was that
no one has implemented them, so they should get field experience before
going in the standard.

I admit that I did not raise a huge stink over the issue, but if you
weren't aware of it, then you weren't reading your mail. I've worked hard
to balance being the spec editor along with working on PGP. I let that
issue drop because I felt that pursuing it any further would be ramrodding
a feature into the spec just because we implemented it, especially with the
WG saying there should be implementation experience *before* the feature
went in the spec. I did keep the WG chair informed of the entire situation,
though. 

You are indeed correct that it's a faux pas that it uses 17 for the packet
id and not something in the 60-63 range. I argued the same thing here at
NAI, but I lost that debate. I discussed it with John Noerenberg, who
agreed that it was a faux pas, but not a big one -- especially given that
the WG consensus was that there should be an implementation first.
Nonetheless, I agree with you on *that* part of it wholeheartedly. The NAI
developers are running the risk that OpenPGP 1.1 will define non-text user
ids to be something incompatible with what they did for PGP 6, and they'll
have to adapt.

The PGP developers argued that they should not use the experimental range
because doing so would de-facto use up that opcode because of all the
copies of PGP 6 that would use it. I see their point, but I diagree.

To William Simpson:

It has *not* been over a year for the spec. The OpenPGP BOF was in Munich,
Aug '97. The approval from the IESG came on Sept 18. Yes, it took me nearly
two months to get the -00 draft out, but I disagree completely that the
whole process could have been done in substantially shorter time. The two
major complaints I've gotten about the pace have been that we're taking too
long and that we're moving too fast. Even at the langorous pace we've
taken, we've only gotten where we are by aggressively deferring issues.
Getting complaints about pace from both directions is to me a pretty good
indicator that we're somewhere in the "fast enough" range even if it's at
the slow end of that range.

        Jon



-----
Jon Callas                                  jon(_at_)pgp(_dot_)com
CTO, Total Network Security                 3965 Freedom Circle
Network Associates, Inc.                    Santa Clara, CA 95054
(408) 346-5860                              
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)

<Prev in Thread] Current Thread [Next in Thread>