ietf-openpgp

Re: OpenPGP as a standard

2000-08-04 14:03:09
At 3:49 PM +0800 8/4/00, Erron Criddle wrote:
To all,

I'm e-mailing regarding the possibility of OpenPGP becoming a standard.

From discussions with people who have been involved with the standards
process, they believe that the OpenPGP RFC has a long way to go before it
would be accepted as a standard because the processing requirements of
OpenPGP have been superficially regarded with respect to packet formats
such as the calculation of the length of a packet and the combined security
of the actual packet (i.e. as OpenPGP is a security standard, so NO data
should be spooled to disk unless it is encrypted somehow).


Huh? Which people?

I agree with Werner. The only things that are needed are for some people to
do some interoperability testing, and buffing and polishing on the spec.
You and others have pointed out places where it's not as clear as it should
be. Lots of us have been looking at it for so long we can't tell. All of
the discussion about things lately has been great for clarifying the spec.



For example, in order to calculate the length of a stream of literal data
(before it is prepended with a one pass sig and appended with a standard
sig, and subsequently compressed then encrypted), you have to spool the
data to the disk if it is a very large file. In order to maintain security,
the data SHOULD be encrypted to disk, however when we want to build the
above packet, we would then have to decrypt the data so it could be
prepended with the 1P sig, appended with the normal sig and then compressed
then encrypted ONCE AGAIN...etc etc

This is one example I have been quoted and I cannot say there are
equivalent examples that "may" slow down the process of OpenPGP becoming a
standard.


You bring up an interesting issue, but it has nothing to do with OpenPGP
becoming a standard. Sorry. It's always possible that you *can* come up
with a situation where as an implementor, you have to spool data to disk
while processing it. Cope.

Can anyone give me any information on the status of OpenPGP in becoming a
standard as this information would definitely be helpful for those who are
implementing the OpenPGP RFC.


As has been mentioned, there has to be some interoperability testing done.
That's mainly what has to be done. Then we just need to agree whether 2440
or some later draft progresses, and then push it on the line. If it's a
later draft, then that has to become an RFC.

        Jon

