ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Issuer Fingerprint

2016-06-20 04:09:13
from [Werner Koch] [Permanent Link] 
On Fri, 17 Jun 2016 21:02, pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz 
said:


Uhh, I'll have to disagree (strongly) with that, perhaps from the point of GPG
this is true since it's the de facto reference implementation that everyone


Actually that is only the case for a couple of years.  Before that we
(GPG team) had to add a lot of of minor things to our code base to make
GPG interoperable with PGP >= 5.  Thus back then PGP was the de-facto
reference implementation.  True, there has been Tom Ritter's reference
implementation for OpenPGP (also published as a book) but it had not all
the little bells and whistles you need to have for true
interoperability.


makes their code compatible with, but when you need to interop across non-GPG
implementations it can get pretty hairy, I've had to reverse-engineer source
code and create instrumented versions of other apps that hex-dump data so I


Right, RFC-2440 (from 1998) missed to clearly document a couple of
important things.  So back then everyone either had to look at the PGP-5
source of PGP-5 (or had someone else to look at it), or to ask Derek or
Jon.  In the end this was taken to this list and eventually put into
RFC-4880.

If you, or any of the other implementers, still remember the problems
encountered while writing your OpenPGP code, I would very much
appreciate if you can tell us, so it can make it into 4880bis.


be compatible with the GPG de facto profile, in the same way that SSH code is
written to be compatible with the OpenSSH (server) and Putty (client) de facto


Ack.  I consider a spec modeled around _one_ existing implementation a
Good Thing.

My statement "The MUSTs, SHOULDs, and MAYs have been carefully designed
" was not meant to say that OpenPGP is a complete and bug free
specification but that it specifies enough to allow the creation of a
mostly *PGP-5 compatible* implementation without asking too much.
Compare that to the majority of other protocols which not only had
interop problems but also no published reference implementation.

BTW: Lacking an integrative implementers forum (like this OpenPGP WG),
your X.509 style guide was the only way forward to write halfway X.509
compatible implementation.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: https://alt-hochdahl.de/haus */

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Issuer Fingerprint, Peter Gutmann
Next by Date:  Re: [openpgp] Issuer Fingerprint, Werner Koch
Previous by Thread:  Re: [openpgp] Issuer Fingerprint, Peter Gutmann
Next by Thread:  Re: [openpgp] Issuer Fingerprint, Werner Koch
Indexes:  [Date] [Thread] [Top] [All Lists]