
Re: pgp3



> Gary Howland wrote:
> > 
> > > Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> > > Anyone know of the whereabouts of this document.
> > 
> > Yes.  That document has evolved to RFC 1991:
> > 
> > 1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange
> >            Formats", 08/16/1996. (Pages=21) (Format=.txt)

Hmm - I don't know how I managed to make this post - I had started writing
a reply, but exited my mailer, and for some reason it decided to send a
cut-down version of the unfinished mail anyway ...

> Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> 2.6.? distribution. I'm doing an independent implementation of the PGP
> 2.6 message formats, and found this document unclear in a few spots. For
> example, can anyone else figure out the weird CFB variant mode from this
> document? I used a debugger on the PGP code to help me figure it out.

Exactly - I spent ages on the same thing.  Then there's the problem that
packet length headers must be specific lengths for various types (e.g.
key certificates must have a 2 byte length, even if only one is required).
It is also not clear what the exported key certificates should contain,
the spec simply mentioning that there should be no trust packets etc. etc.

> The PGP 3.0 "spec" that you're referring to is actually a draft for a
> PGP library API. A couple of those got circulated on some PGP mailing
> lists, but none have been publicly released, another example of the
> secrecy surrounding the whole PGP effort.
>
> Now that PGP Inc. is happening, it's not exactly clear whether the PGP
> 3.0 release is going to include an API closely resembling these drafts.

I agree with your comments.  For example, we are developing PGP-compatible
libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES,
etc., along with a better key ring format, encrypted key rings, and features
such as key generation from a passphrase, and we would very much like to
remain compatible with the new PGP, but how can we when there is so little
information available?  I think we need a forum to discuss PGP development
issues - I would be happy to set one up if there was interest.

Best regards,

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <[email protected]>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06
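
The packet-length point raised in the message above, as an added example that is not part of the original post or of any PGP code: a small reader for RFC 1991 style packet headers that flags key certificates not written with a 2-byte length field. The CTB bit layout follows RFC 1991; the 2-byte rule is taken from the message, and the function names and sample packets are constructed for illustration.

```python
import struct

# RFC 1991 CTB: bit 7 set, bits 5-2 packet type, bits 1-0 length-of-length.
LEN_FMT = {0: ">B", 1: ">H", 2: ">I"}   # code 3 = indeterminate length
SECKEY_CERT, PUBKEY_CERT, USER_ID = 5, 6, 13
KEY_CERTS = {SECKEY_CERT, PUBKEY_CERT}

def encode_header(ptype, body_len, force_lol=None):
    """Build CTB + length; force_lol overrides the minimal length code."""
    if force_lol is None:
        lol = 0 if body_len < 0x100 else 1 if body_len < 0x10000 else 2
    else:
        lol = force_lol
    ctb = 0x80 | (ptype << 2) | lol
    return bytes([ctb]) + struct.pack(LEN_FMT[lol], body_len)

def parse_packets(data):
    """Yield (ptype, length_code, body); raise ValueError on bad input."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("no CTB at offset %d" % pos)
        ptype, lol = (ctb >> 2) & 0x0F, ctb & 0x03
        if lol == 3:
            raise ValueError("indeterminate length not handled here")
        size = struct.calcsize(LEN_FMT[lol])
        if pos + 1 + size > len(data):
            raise ValueError("truncated length field")
        (blen,) = struct.unpack_from(LEN_FMT[lol], data, pos + 1)
        start = pos + 1 + size
        if start + blen > len(data):
            raise ValueError("truncated packet body")
        yield ptype, lol, data[start:start + blen]
        pos = start + blen

def check_key_cert_lengths(data):
    """Return (packet index, type) for key certs lacking a 2-byte length."""
    return [(i, ptype)
            for i, (ptype, lol, _) in enumerate(parse_packets(data))
            if ptype in KEY_CERTS and lol != 1]

# Constructed sample: a 10-byte dummy key body followed by a user ID packet.
BODY, UID = b"\x00" * 10, b"test user"
MINIMAL = encode_header(PUBKEY_CERT, len(BODY)) + BODY \
    + encode_header(USER_ID, len(UID)) + UID          # key CTB 0x98
FORCED = encode_header(PUBKEY_CERT, len(BODY), force_lol=1) + BODY \
    + encode_header(USER_ID, len(UID)) + UID          # key CTB 0x99

if __name__ == "__main__":
    print(check_key_cert_lengths(MINIMAL), check_key_cert_lengths(FORCED))
```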