
Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

2017-07-03 23:01:57
Salz, Rich <rsalz(_at_)akamai(_dot_)com> writes:

> The WG has been stalled for a very long time and it's not clear this "last
> minute" flurry of interest would fundamentally change that.

A complaint I heard many years ago about PGP 2 was that it wasn't obviously
flawed.  What I'd say is that it was too good enough.  There were problems,
but none of them were sufficiently fatal (at the time) to motivate any kind of
expedited move to a new version.  OpenPGP is still too good enough, there's
lots of things there that you can nitpick but nothing really fatal, or even
close to fatal.  For example the MDC is rather a kludge compared to an HMAC,
but it's good enough.  The weird CFB mode is kind of a mess, but it's good
enough. The whole thing is just too good enough.

If you wanted to update OpenPGP now, you'd be breaking compatibility with vast
amounts of data stored in the current format, and lots of deployed PGP
implementations that aren't GPG and that can't readily be updated.  In
addition, since what we've got now is too good enough, there are no obvious
bits that need to be replaced, just a huge pile of everyone's favourite trendy
things to add that no two people can agree over.

Or you could throw everything out and start again, get rid of the hand-
Huffman-code of lengths, replace the kludgy KDF with Argon2, replace the MDC
with HMAC, and so on, and suddenly you've got a totally new protocol.  Sort of
what the HTTP WG did with HTTP 2.0, or the TLS WG did with TLS "1.3".  The
HTTP WG essentially forked HTTP, it's too early to tell what the TLS WG will
achieve but it's probably the same thing.

So, I'd say leave it as it is.  It's already too good enough, and having two
incompatible versions floating around will do the exact opposite of helping
with PGP adoption.

Peter.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
