Nothing like a deadline to motivate replies...
On Wed, 1 Apr 2015, Stephen Farrell wrote:
It would also really help me (and I suspect others) evaluate
messages if you could say something about how you fit into
the openpgp universe (e.g. "I wrote the foo implementation"
or "I run a thing with N people using pgp" or whatever). An
essay on that is not useful here, but a line or two could
be really good.
I consume PGP for encrypted discussion of embargoed security issues, e.g.,
in my role as a maintainer of MIT Kerberos.
Anyway here's the options:
option 1: do nothing - there's nothing much to do or at least
option 2: do maintenance work on rfc4880 - produce a 4880bis
option 3: do a major revision to openpgp - take rfc4880 as a
starting point but question all design decisions in the process
option 4: move beyond openpgp (or smime) to develop a new
flavour of end-to-end security for interpersonal messaging,
I think 2 is the most feasible so far, and we could get agreement on what
to do without too much teeth-gnashing. Option 3 is tempting, but it may
be a larger project than there is energy to take on. Option 4 seems like
it ought to be a new working group (and is additionally unlikely to gain
much adoption barring a bit player pushing it to users), so I don't think
we should tackle it here.
I also would prefer to not try to mandate a specific trust model or
models, though we can certainly have some in mind to ensure that what we
come up with is compatible with them.
-Ben
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp