On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote: > I agree with Professor Green. Maybe he and his students can > program a POC something more simple, preferably in Golang and > while using the NaCl* library.
Golang? Not Rust? :-P I do find it odd how many projects make such a big deal of what language they're written in. It shouldn't matter what language you use so long as it works (and is memory safe). > There was back then no Enigmail or other > MUA plug-ins and you could simply copy and paste your messages. Who wants to copy and paste messages? That's soooo 1995. > A real "modern" GnuPG should be IMHO the same as PGP was GUI based > back then. The GUI could be also cross-platform QT based, for > example. You can't script a GUI, but you can GUI a CLI - and there is no shortage of decent GUI interfaces for GnuPG. > I also don't understand why GnuPG needs so many components, like > pinentry, dirmngr and gpg-agent plus GnuPG itself, while MacPGP > from Mr Zimmermann was only one program. Most of those are separate because of security concerns. Monolithic systems may look simpler from the outside, but they're often a bucket of bolts on the inside. Role separation is your friend. > *And regarding key formats, standards, RFC's etc. my new NaCl > (pronounced salt) pub key which I use now with friends for email > communication looks like this :-) : Yes, it is possible to make very short public keys by stripping all non-mathematical information and using ECC (SSH's ECC keys are similarly terse). I'm skeptical of the long-term safety of ECC though (the NSA appears to agree[1]) so while it may be worth using for session keys I'm not going to trust it with my long-term identity. And the non-mathematical information has its uses if you're maintaining any sort of PKI. [1] https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/ -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
