OpenPGP library?

Werner Koch wk@gnupg.org
Wed Aug 29 12:03:01 2001


Hi,

I have addressed this library issue too often to start a discussion
again.  However, here are some comments.

On 29 Aug 2001 08:26:41 -0000, Evil  said:


> If you want performance and stability, you don't want to do a fork()
> call with every request that comes in.

That is definitely not true. Unix is based on the paradigm of small specialized tools - this leads to the stability and easy maintenance of the whole OS. Look into /etc/inetd.conf to see how many services are forked for each connection. With most operating systems, a fork is a relatively cheap operation. Putting everything in a library can only be justified in certain cases. If you want a high performance solution you need to use the right tools. GnuPG is not the silver bullet to all encryption or signing problems.

> Also in the GPG FAQ it says stuff like "absolutely never use GPG over
> a network". This is ridiculous. There is absolutely no such thing as

Experience has shown that a lot of folks are using GnuPG in a way which renders any security achievable by GnuPG worthless. We have to care about the bulk of users and therefore it is justified to use strong words.

> a universally-applicable security policy. Your software should
Nobody claimed that.
> Anyway, enough ranting. Security is very poorly understood by most
> people who deal with it, and the idea of the "universal security
and therefore it is justified to write software in a manner to reduce the risks.
> policy" is one of the biggest misconceptions. Any kind of built-in
> security policy is based on the idea that there should be some kind of

There is no security police in GnuPG. Well, there are some preconditions which are really necessary and I don't believe anyone would argue that one should support plain-DES, Skipjack or even use a predictable RNG.

Ciao,

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus