dshaw at jabberwocky.com
Sun Oct 30 15:59:07 CET 2005
On Sun, Oct 30, 2005 at 03:51:08PM +0100, Christoph Anton Mitterer wrote:
> John Clizbe wrote:
> >Well, first it has to make it into the OpenPGP Standard. And usually to do
> >that, it would likely need to be part of some governmental or business
> >standard so that large numbers of end-users would want/need it.
> I think that should be implemented despite of the way goverments are
> Goverments are often trying to restrict cryptography (see US) and also
> here in Germany (using X.509 only which is in my opinion less secure
> than OpenPGP as its using a hierarchical certificate system).
> So why not just implementing ECC for GnuPG and making the first step for
> a (new) OpenPGP standard?
That would work if GnuPG stood alone, but it doesn't. New algorithms
or message constructions need to be discussed and worked out as part
of a standard so that all programs can interoperate.
This isn't to say that nobody can add new algorithms: see
http://alumnes.eps.udl.es/~d4372211/index.en.html for one. It does
mean that without standardization, only their experimental modified
GnuPG can read these messages.
More information about the Gnupg-users