ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Adding in BZ2 compression?

2003-07-07 14:23:07
from [Bill Frantz] [Permanent Link] 

At 9:21 PM -0700 7/3/03, David Shaw wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jul 03, 2003 at 07:05:16PM -0700, Hal Finney wrote:


Jon Callas writes:

I have a request for an algorithm number for bz2 compression. The
implementer in question has promised on a stack of holy books only
to use it along with compression prefs. Anyone object strongly?


I don't see a need to add another compression algorithm unless there is
something wrong with the ones we already have.  Adding a new one can only
hurt interoperability in the long run.  What is the reason for adding it?


I don't have strong feelings for or against adding bz2, but your
comment about interoperability raises a related issue.  In theory, the
preference system would prevent the use of bz2 except when it can be
properly handled by the recipient so there should be no
interoperability issues.

...

I have already seen a few examples of this problem (a PGP-generated
key with an IDEA pref being used on GnuPG, and a GnuPG-generated key
with a ZLIB pref being used on PGP).

I don't think the answer here is to restrict the use of new
algorithms.  2440 has this to say, which pretty much eliminates the
problem in the design:

  Since a self-signature contains important information about the
  key's use, an implementation SHOULD allow the user to rewrite the
  self-signature, and important information in it, such as
  preferences and key expiration.

I don't advocate making any severe changes in the preference system,
but perhaps the language here could be made a bit stronger?  Something
like "Note that without the ability to rewrite a self-signature,
interoperability issues may occur when the same key is used in more
than one implementation." would be great.


I realize this suggestion is getting into UI issues, but...

Perhaps implementations should also warn the user if the user's public key
includes features that are not supported by the implementation, and offer
to generate a new self-signature that does not include those features.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | "A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506         | like a Breadless Sand- | 16345 Englewood Ave.
frantz(_at_)pwpconsult(_dot_)com | wich." -- Steve Schear | Los Gatos, CA 
95032, USA
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  bis-08 notes, David Shaw
Next by Date:  Re: PoP & Signer's User ID subpacket?, Len Sassaman
Previous by Thread:  Re: Adding in BZ2 compression?, David Shaw
Next by Thread:  Re: Adding in BZ2 compression?, David Shaw
Indexes:  [Date] [Thread] [Top] [All Lists]