Vincent Breitmoser <look@my.amazin.horse> writes:
The reason this happened, I strongly suspect, is exactly because they treated
GnuPG as a reference implementation: they tested that it worked against GnuPG
(or some frontend), found it worked in practice (without even a warning), and
then left it at that.
This is a problem with several protocols where there's a single widely-used
implementation. It also affects SSH, a standards-conformant implementation
isn't something that follows RFC 4251-4, it's something that you can connect
to with Putty (server) or that connects to OpenSSH (client). That really is
the conformance-test for SSH, "we can connect to it with Putty, it's now
complete and fully standards-compliant".
Maybe all of these unofficial reference implementations need a strict-checking
mode for when they're being (incorrectly) used as reference implementations...
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp