OpenPGP library?
Werner Koch
wk@gnupg.org
Wed Aug 29 14:43:01 2001
On 29 Aug 2001 11:46:33 -0000, Evil said:
> Those are security policies. Deciding to not have a library is a
> policy. Those policies may be wrong for some users. If you are
And deciding not to write it in ADA is another one, probably a bad
one. I am takling about gpg(1) *tool*
> all your users. You don't. I could list a dozen reasons why, in some
> cases, DES might be a better choice than AES, for instance. Can you
> think of some?
There are no technical reasons. If there is a organization which has
a need for weak encryption, they should write their own or stripp
GnuPG down to that.
> ones such as AES and 3DES, low security ones such as DES, very low
> security ones such as 40 bit DES, and even plaintext (ie, no
I agree with the FreeS/WAN project that we don't want any weak
encryption - there are no technical reasons for it (except for some
very strange protocols). We try to do the best we can.
> configure my Apache/SSL server to support only 40-bit DES or no
> encryption at all if I want to. I'm glad to have the choice. The
And so is the GCHQ
> that use. That's what Phil Z was originally thinking of, too. But
> public key crypto, such as GPG, can and should be used all over the
> place, for a very broad range of applications. It's unfortunate that
Just choose the right tool. The GNU project has other tools which
might better fit for a purpose: Kerberos,LSH, GNUTLS, LIBGCRYPT.
> resulted in software with needless constraints, and it has resulted in
> the protocol being used much less than it could be.
Come on, PGP is still the de-facto standard for email encryption.
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus