ietf-openpgp

Re: [openpgp] respecting key flags for decryption

2018-11-09 21:12:30
Werner Koch <wk(_at_)gnupg(_dot_)org> writes:

>> Maybe all of these unofficial reference implementations need a strict-
>> checking mode for when they're being (incorrectly) used as reference
>> implementations
>
>   gpg --compliance=openpgp ....
>
> is intended to do just that.

In hindsight my phrasing of the problem wasn't the best, it needs both a
compliance-checking mode and someone who enforces it.  At the moment the
compliance check is "the message is accepted by GPG/PuTTY/OpenSSH in its
default/most-tolerant configuration", in the sense of "XYZ accepts our
message, therefore it's not our fault if your one doesn't".  So you'd need
either some certification body that says "yes, your implementation really is
compliant", or for the standard implementation to warn that the other side is
non-compliant when a message is received from it in order to force it to be
fixed - think Vista's UAC warnings that were created in order to deal with the
everyone-is-admin-all-the-time assumption of many/most Windows apps at the
time.

Unfortunately I don't think either of those will be terribly palatable...

Peter.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp