To all,
I'm e-mailing regarding the possibility of OpenPGP becoming a standard.
From discussions with people who have been involved with the standards
process, they believe that the OpenPGP RFC has a long way to go before it
would be accepted as a standard because the processing requirements of
OpenPGP have been superficially regarded with respect to packet formats
such as the calculation of the length of a packet and the combined security
of the actual packet (i.e. as OpenPGP is a security standard, so NO data
should be spooled to disk unless it is encrypted somehow).
For example, in order to calculate the length of a stream of literal data
(before it is prepended with a one pass sig and appended with a standard
sig, and subsequently compressed then encrypted), you have to spool the
data to the disk if it is a very large file. In order to maintain security,
the data SHOULD be encrypted to disk, however when we want to build the
above packet, we would then have to decrypt the data so it could be
prepended with the 1P sig, appended with the normal sig and then compressed
then encrypted ONCE AGAIN...etc etc
This is one example I have been quoted and I cannot say there are
equivalent examples that "may" slow down the process of OpenPGP becoming a
standard.
Can anyone give me any information on the status of OpenPGP in becoming a
standard as this information would definitely be helpful for those who are
implementing the OpenPGP RFC?
Regards
Erron Criddle
Comasp Ltd.
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
Australia
Fax: 08 9386 9473
Tel: 08 9386 9534
http://www.comasp.com
ejc(_at_)comasp(_dot_)com
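
Added example, not part of the message above and not code from any OpenPGP implementation: the length header of a new-format OpenPGP packet precedes the body, which is why a definite length has to be known before the first octet is written. The sketch goes beyond the message by also using the partial body lengths defined in RFC 2440, which let a Literal Data packet be emitted in fixed-size chunks with one chunk buffered in memory. All function names are assumptions made for this example.

```python
import io
import struct

TAG_LITERAL = 0xC0 | 11  # new-format packet header octet, Literal Data (tag 11)

def definite_length(n: int) -> bytes:
    """Body length header when the total size n is known in advance."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        return bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def write_streaming(out, src, power: int = 9) -> None:
    """Emit the packet in 2**power-octet partial chunks; about one chunk is buffered."""
    chunk = 1 << power  # RFC 2440: the first partial chunk is at least 512 octets
    out.write(bytes([TAG_LITERAL]))
    buf = b"b\x00" + struct.pack(">I", 0)  # format 'b', empty file name, zero date
    while block := src.read(chunk):
        buf += block
        while len(buf) > chunk:
            out.write(bytes([224 + power]) + buf[:chunk])
            buf = buf[chunk:]
    out.write(definite_length(len(buf)) + buf)  # the last chunk has a definite length

def read_body(packet: bytes) -> bytes:
    """Reassemble one packet body, following partial lengths to the final chunk."""
    pos, body = 1, b""
    while True:
        first = packet[pos]
        if first < 192:
            n, skip, last = first, 1, True
        elif first < 224:
            n, skip, last = ((first - 192) << 8) + packet[pos + 1] + 192, 2, True
        elif first < 255:
            n, skip, last = 1 << (first & 0x1F), 1, False
        else:
            n, skip, last = struct.unpack(">I", packet[pos + 1:pos + 5])[0], 5, True
        body += packet[pos + skip:pos + skip + n]
        pos += skip + n
        if last:
            return body

def stream_packet(data: bytes, power: int = 9) -> bytes:
    """Run write_streaming over in-memory data (constructed input for the example)."""
    out = io.BytesIO()
    write_streaming(out, io.BytesIO(data), power)
    return out.getvalue()
```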