On Wednesday 12 March 2003 07:25, Jon Callas wrote:
This is on the list of things to improve someday. Remember, though, that
every day an engineer is working on Feature X, they are not working on
Feature Y. If V3 keys are deprecated, it moves up in priority list.
This is indeed the crux of the issue.
Everyday that OpenPGP implementors
are working to add crufty old versions,
they are not adding new, useful and
current code.
Implementors are free - and many do -
to add pgp2.6 features to their products.
But, that's the implentation of a product,
not the standard known as OpenPGP.
It's a market decision; and it would seem
that for as many implementations out
there that have a need for pgp2.6, there
are those that have no need for pgp2.6.
There was once a view that for OpenPGP
to succeed, it would need to embrace the
old pgp2.6 stuff. That was shown to not
be reality when most users switched to
the newer formats, far faster than many
expected.
There are few pgp2.6 users left (those
that use it on a regular basis, as opposed
to people with old messages encrypted
in old formats) and there are even fewer
of those that need a single client that
compatibly switches between the two.
There is no reason, AFAICS, to even
mention pgp2.6 versions within the
OpenPGP central standard. Its place
might be in an appendix or the like,
describing how it is done, for those
who wish.
The overriding need for OpenPGP is
not to deal with old formats, but to
reduce the variants and complexity.
A simpler more solid standard will
result in more support; a more complex,
finicky, exceptions-laden monstrosity
will result in fragmentation and
uncertain growth as the big code
bases struggle to stretch into new
areas.
Deprecating v3 keys within the
standard does not need to mean that
an implementation MUST NOT support
those keys. Deprecation can just
define what it means to be OpenPGP.
--
iang