ietf-openpgp

Re: Fw: [ietf-tls] using openpgp with tls

2002-01-18 04:58:09

[I am not on the tls list, feel free to resend it]

On Thu, 17 Jan 2002 16:39:20 -0800, Will Price said:

> Another important point about backwards compatibility: the current
> OpenPGP/TLS draft already has well over a million deployed clients.

This is an expired draft and as such no longer accessible.

And:

   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

> Every PGP client since I believe 6.0.0 (September 1998) supports
> PGPtls as described in the draft, and every PGP Keyserver since that

PGP has a lot of proprietary features which are either in conflict with
OpenPGP or not documented at all.  NAI folks have been saying for years:
"We will write up the specification RSN" - I have never seen more than
these announcements.  Some non-NAI folks reverse engineered the format
of the photo ID from actual PGP output, so that David Shaw could
implement this in GnuPG, but most other stuff is unknown and NAI is
even dropping OpenPGP required features (v4 sigs on data) - well, maybe
this is a bug, but those things have happened far too often.

> While PGPtls in the PGPsdk was the first implementation (for which
> source code is currently available at the pgp website, and part of
> every source release we've done for the last few years), I know

And since you re-opened the source for >= 7, you use a license which
makes the source useless and actually dangerous for a programmer to look
at.

> In addition to ignoring all the fielded uses and implementations of
> OpenPGP/TLS, Nikos' proposed changes also suffer from the dependency

There is no documentation on this format - maybe PGP implemented that
draft, but nobody writing TLS or OpenPGP code is able to even check
this as there is no usable source.

If NAI had been interested in standard conformance, the draft
should be reissued regularly and the extensions to OpenPGP discussed
with the OpenPGP WG.  The same thing goes for OpenPGP features like
MDC and a new transport format for secret keys - NAI seems not to be
interested in it anymore.

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus