This working group has an impressive record of inaction, evidenced by
both the impending expiration of the group's only document and the
version number's being only -01. There's been no work done here since I
came into the chair position a little over a year ago.
I was also disheartened to see that SHA-1 is still baked into this draft
in a few places.
I personally don't feel that designing the next generation of RFC is
within my technical skillset -- I can make informed criticism, but
that's a little different from saying "trust me, I know what I'm doing."
But I've been waiting patiently to see drafts, and for years I've been
telling people asking about SHA-1 deprecation "wait and let the Working
Group do its job."
I am absolutely sure there is interest in an RFC which gets rid of all
SHA-1 dependencies; however, the people who are interested are not
necessarily the ones who can draft a dependency-free RFC.
I feel let down. I'm fairly sure there are others who feel similarly.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp