On 17 Feb 2005, at 12:18 PM, aboietf(_at_)redtenbacher(_dot_)de wrote:
The recent announcement of Jon Callas et al. was - in my eyes - not
helpful at all. It solved a non-existing problem (not one single
existing OpenPGP implementation suffered from the "oracle" effect),
and the result in the media (at least in Germany) was rather
catastrophic: Even the (normally pretty conservative) Heise Verlag
published panic articles that "all automatic encrypt/decrypt systems
based on OpenPGP are broken"!
I'm sorry that the German press was so twitchy about it. I sent
releases to both Reuters and UPI here, and got a polite response back
from Reuters thanking me for being so humble about it. There's not been
a further peep on it, and I've been waiting for it. Should this ever
happen again, I'll try to make sure that the German press isn't silly.
I know people who can do German translations -- not that I'm expecting
to ever have to do that again, mind you.
I think it would have been less helpful, however, to do as a different
organization did the previous week over a botched IV. They said that it
wasn't worth fixing and no one needs that anyway and there was a storm
of press over here.