On 12/17/24 9:02 AM, Werner Koch via Gnupg-devel wrote:
On Mon, 16 Dec 2024 15:22, Andrew Gallagher said:

[..] We had a direct hashing in the rfc4880bis which was then removed
from the draft for no good reason. [..]

You keep varyingly insinuating that stupid, inexplicable or even sinister things happened in the IETF OpenPGP working group. And every now and then, people chime in to correct your endlessly repeated assertions. I'll do one more round of this, here.

There is a very simple, coherent and non-sinister reason why the functionality you're referring to is not in RFC 9580:

The IETF process that led to RFC 9580 (working title "crypto refresh") had a clear and limited charter. Produce an update to RFC 4880 (which was published in 2007), with a narrow focus on updating the cryptographic mechanisms. Additional specification work was put off to a separate step.

The WG charter was defined this way to limit the work of producing a coherent and solid update for RFC 4880 to a manageable scope. Had the charter been more inclusive, I doubt if the process could ever have led to a result.

So the WG, consisting of a broad set of stakeholders, did finally produce an update to RFC 4880. In a process that you opted to drop out of, at the very beginning, but are now complaining endlessly about. You endlessly repeat a small set of varyingly convincing arguments and complaints.

Frankly, I find your communication about these matters outrageous, at times baffling, and often disturbing.

Your life's work - GnuPG - is based on Phil Zimmermann's PGP, which he decided to specify as an open format under the name OpenPGP, so that a diverse group of implementers could collaborate on the further development of the technology. Phil has weighed in, close to the end of the crypto refresh work in 2022, saying in no uncertain terms that he considered the IETF draft (which has since become RFC 9580) compelling: https://mailarchive.ietf.org/arch/msg/openpgp/tX6anWN_QKy-FudFanZYLoy-oYk/ ("[..] the only draft that incorporates ideas from a wide range of implementers, with strong modern cryptographic primitives in all categories, with mechanisms that respond to documented attacks.")

And yet you keep insinuating that the IETF process was flawed, illegitimate, sinister, and that truly the only reasonable path forward is for you to continue to evolve rfc4880bis (now under your new "LibrePGP" banner).

I understand that you've painted yourself into a corner, and I am truly sorry to see this state of affairs. However, pretty please, stop repeating your complaints about the IETF process. It's undignified and silly.

Heiko
