OpenPGP library?

Werner Koch wk at
Wed Aug 29 13:03:01 CEST 2001


I have addressed this library issue too often to start a discussion
again.  However, here are some comments.

On 29 Aug 2001 08:26:41 -0000, Evil  said:

> If you want performance and stability, you don't want to do a fork()
> call with every request that comes in.

That is definitely not true.  Unix is based on the paradigm of small
specialized tools - this leads to the stability and easy maintenance
of the whole OS.  Look into /etc/inetd.conf to see how many services
are forked for each connection.  With most operating systems, a fork
is a relatively cheap operation.  Putting everything in a library can
only be justified in certain cases.

If you want a high performance solution you need to use the right
tools.  GnuPG is not the silver bullet to all encryption or signing

> Also in the GPG FAQ it says stuff like "absolutely never use GPG over
> a network".  This is ridiculous.  There is absolutely no such thing as

Experience has shown that a lot of folks are using GnuPG in a way
which renders any security achievable by GnuPG worthless.  We have to
care about the bulk of users and therefore it is justified to use
strong words.

> a universally-applicable security policy.  Your software should

Nobody claimed that.

> Anyway, enough ranting.  Security is very poorly understood by most
> people who deal with it, and the idea of the "universal security

and therefore it is justified to write software in a manner to reduce
the risks.

> policy" is one of the biggest misconceptions.  Any kind of built-in
> security policy is based on the idea that there should be some kind of

There is no security policy in GnuPG.  Well, there are some
preconditions which are really necessary and I don't believe anyone
would argue that one should support plain-DES, Skipjack or even use a
predictable RNG.



Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
