OpenPGP library?
Werner Koch
wk@gnupg.org
Wed Aug 29 12:03:01 2001
Hi,
I have addressed this library issue too often to start a discussion
again. However, here are some comments.
On 29 Aug 2001 08:26:41 -0000, Evil said:
> If you want performance and stability, you don't want to do a fork()
> call with every request that comes in.
That is definitely not true. Unix is based on the paradigm of small
specialized tools - this leads to the stability and easy maintenance
of the whole OS. Look into /etc/inetd.conf to see how many services
are forked for each connection. With most operating systems, a fork
is a relatively cheap operation. Putting everything in a library can
only be justified in certain cases.
If you want a high performance solution you need to use the right
tools. GnuPG is not the silver bullet to all encryption or signing
problems.
> Also in the GPG FAQ it says stuff like "absolutely never use GPG over
> a network". This is ridiculous. There is absolutely no such thing as
Experience has shown that a lot of folks are using GnuPG in a way
which renders any security achievable by GnuPG worthless. We have to
care about the bulk of users and therefore it is justified to use
strong words.
> a universally-applicable security policy. Your software should
Nobody claimed that.
> Anyway, enough ranting. Security is very poorly understood by most
> people who deal with it, and the idea of the "universal security
and therefore it is justified to write software in a manner to reduce
the risks.
> policy" is one of the biggest misconceptions. Any kind of built-in
> security policy is based on the idea that there should be some kind of
There is no security policy in GnuPG. Well, there are some
preconditions which are really necessary and I don't believe anyone
would argue that one should support plain-DES, Skipjack or even use a
predictable RNG.
Ciao,
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus