On Tue, Apr 15, 2008 at 3:03 PM, Robert J. Hansen <[EMAIL PROTECTED]> wrote:
> One of the best techniques available to us for controlling complexity in
> software--and definitely the simplest--is to take a chainsaw to the
> feature list. Go through the specification and copy down every single
> MUST. Stop right there. Implement the MUSTs, make them rock solid
> reliable. Only then allow yourself to start worrying about SHOULDs and
> MAYs.

I thought gpg already implements the MUSTs very well (ok, sometimes there are security problems, but this will probably never go away with any software).

> > Apart from that I had some discussions with Christoph and we both think,
> > that the RFC should be much stricter, especially in what is required.
> Bring it up with the working group.

He's still writing ;-)

> I know of at least one major telco which was, for a while, using OpenPGP
> to secure billing information on a national level. That was some years
> ago, though, and they may have changed their system since. (Due to NDA,
> I'm unable to disclose the telco name.)

Unfortunately I see a general trend to use the simpler but weaker hierarchical model of X509.... :-(
Like the German national authority for digital signatures.... they only offer X509.

btw: Some time ago I asked them where I could meet one of their officials to securely get the root certificate... they told me that this is not possible, and that the root certificate is only available via an LDAP server... LOL
(You must know... in Germany there are no man-in-the-middle attacks, so this is actually secure *G*)

> > And for your specific example, no one forces the insurance company or
> > the bank to use the newer versions/features.
> Except for people like you, who say "it's not hard to upgrade GnuPG, so
> there's no reason to be concerned about interoperability with old
> versions".

Why? Just because new (perhaps incompatible) features are added in newer versions... nobody has to use those newer versions, right?

Best wishes,
Herbert.