ietf-openpgp

Re: [openpgp] [FORGED] Re: Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

2017-07-04 04:06:21
Kristian Fiskerstrand 
<kristian(_dot_)fiskerstrand(_at_)sumptuouscapital(_dot_)com> writes:

The most common complaint I'm hearing about OpenPGP is that it is too
complex, as such I'm beginning to change my mind as to whether protocol
agility is only a good thing, maybe we should work more on getting to
consensus and reduce implementation complexity in order to make it possible
for better auditing of implementations etc.

The easiest way to do that would be through a profile of 4880.  So instead of
opening up a giant can of worms and trying to redo 4880 itself, where everyone
will want their own favourite change applied, publish a profile of 4880 with a
standard feature set for file encryption, email encryption, signed data, and
maybe one or two other things.  

For example for file encryption you might have MUST AES, MUST MDC, MUST
Iterated and Salted S2K (why do the other options even exist?), MUST either
five-octet or partial lengths... I think that's about it.  Then you can do PGP
file encryption in a pretty minimal amount of code rather than having to
include an entire protocol suite to deal with every obscure option in the
spec.

The profile option, rather than rewrite-the-RFC, is fully compatible with
existing implementations while allowing us to move forward on best-practice
mechanisms and ciphers and, above all, simplify implementation and testing.

Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
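
A conformance check for the file-encryption profile sketched in the message above, added here as an example; it is not code from the list or from any OpenPGP implementation. It assumes a passphrase-encrypted message (SKESK tag 3 followed by a tag 18 data packet) and reads "five-octet or partial lengths" as applying to every packet header; the function names and the zero-filled sample bytes are constructed.

```python
import struct

AES = {7, 8, 9}                      # RFC 4880 sec. 9.2: AES-128/192/256
SKESK, SED, SEIPD = 3, 9, 18         # packet tags (RFC 4880 sec. 4.3)

def packets(data):
    """Yield (tag, body); accept only new-format five-octet/partial lengths."""
    pos = 0
    while pos < len(data):
        if data[pos] & 0xC0 != 0xC0:
            raise ValueError("old-format header")
        tag, pos, body, last = data[pos] & 0x3F, pos + 1, b"", False
        while not last:
            first = data[pos]
            if first == 255:                       # five-octet length: final chunk
                n, pos, last = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, True
            elif first >= 224:                     # partial length: 2**k octets, more follow
                n, pos = 1 << (first & 0x1F), pos + 1
            else:
                raise ValueError("one- or two-octet length")
            if pos + n > len(data):
                raise ValueError("truncated body")
            body, pos = body + data[pos:pos + n], pos + n
        yield tag, body

def profile_violations(data):
    """Return the list of ways `data` departs from the file-encryption profile."""
    problems, saw_data = [], False
    try:
        for tag, body in packets(data):
            if tag == SKESK and len(body) >= 4 and body[0] == 4:
                if body[1] not in AES:
                    problems.append(f"cipher {body[1]} is not AES")
                if body[2] != 3:               # 3 = Iterated and Salted S2K
                    problems.append(f"S2K type {body[2]} is not iterated and salted")
            elif tag == SEIPD and body[:1] == b"\x01":
                saw_data = True                # tag 18 is the MDC-protected form
            elif tag == SED:
                saw_data = True
                problems.append("tag 9 data packet carries no MDC")
            else:
                problems.append(f"packet tag {tag} is outside the profile")
    except (ValueError, IndexError, struct.error) as exc:
        problems.append(f"malformed or unprofiled framing: {exc}")
    return problems if saw_data else problems + ["no encrypted data packet"]

def pkt(tag, body):                  # constructed sample builder: five-octet length
    return bytes([0xC0 | tag, 255]) + struct.pack(">I", len(body)) + body

# Constructed sample: SKESK v4, AES-256 (9), S2K type 3, SHA-256 (8), salt, count
GOOD = pkt(SKESK, bytes([4, 9, 3, 8]) + bytes(8) + b"\x60") + pkt(SEIPD, b"\x01" + bytes(64))
```

The checker only inspects framing and algorithm identifiers; it does not decrypt the data or verify the MDC hash.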
