[messaging] [FORGED] Fwd: alternative to OpenPGP?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Aug 17 04:39:25 PDT 2015


Mansour Moufid <mansourmoufid at gmail.com> writes:

>The trend in writing standards or designing protocols is to try to anticipate
>implementation bugs very early on.

Huh?  The trend in writing standards or designing protocols is to throw in
every fancy new mechanism that anyone on the standards committee has ever
heard of (that's not snark, that's literally the single most observable trend
that I've seen when creating a new standard).  Only once in the entire time
that I've participated in the IETF standardisation process have I seen any
discussion of real implementation issues (rather than abstract theorising and
gedanken experiments), and that was when the TLS group discussed issues of
using zero-length data blocks as a workaround for the lack of explicit IV's in
TLS versions before 1.1, some crypto hardware would have problems with that.
That situation was so unique that it's stuck in my mind ever since.

An extreme counterexample to your claim was provided by the PKIX standing
committee, who for one standard, when it was pointed out after interop tests
that it didn't work, commented that they'd push it through as a standard
anyway and then people would have to figure out how to make it work.

(Needless to say it's virtually unused by anyone, and the few implementations
of it don't interoperate, and in some cases barely even operate).

Peter.


More information about the Messaging mailing list