We've talked about moving 2440 to DRAFT for a while now. We need to
do this. There are really two things we need: 1) two interoperable
implementations, and 2) verification of the requirements of the
protocol. Even though we're not meeting in Adelaide, I thought
kicking off some interoperability testing during the week would be an
IETF'ish thing to do.
Towards 1, I propose the following: We'll exchange encrypted, signed
objects exercising the various modes described in 2440. I'll keep
score, and publish the results for the WG. To participate, send me a
note with subject:
OpenPGP Compatibility Test 1
with directions on where to find a public key you'd like me to use.
I will send an object encrypted with the keys I have and signed with
mine on Thursday, Mar 30, 1500+930, at the conclusion of the SAAG
meeting.
When you receive the message, decrypt the object, validate the
signature, and send me back the results signed with your key. Your
response needs to include: the plaintext, what algorithms were used
and evidence you've validated my signature. My key is available on
the MIT key server.
For 2, we'll need to build a compliance matrix to verify that all the
required elements of 2440 have been treated (or not). If we find
features that have not been used, or are disputed, I will propose
eliminating them unless resolution is desired, and found. I'll start
on 2, but I'll be looking for help.
Remember, the subject of the message is: OpenPGP Compatibility Test
1. I'm filtering messages by the subject to get your entry. If you
don't use this subject, I might miss you.
The message will go out at the end of the SAAG meeting on Thursday.
best,
--
john noerenberg
jwn2(_at_)qualcomm(_dot_)com
----------------------------------------------------------------------
But now I know our world is no more permanent
than a wave rising on the ocean.
-- Arthur Golden, "Memoirs of a Geisha", 1997
----------------------------------------------------------------------