David Shaw dshaw at
Sun Oct 30 15:59:07 CET 2005

On Sun, Oct 30, 2005 at 03:51:08PM +0100, Christoph Anton Mitterer wrote:
> John Clizbe wrote:
> >Well, first it has to make it into the OpenPGP Standard. And usually to do
> >that, it would likely need to be part of some governmental or business
> >standard so that large numbers of end-users would want/need it.
> > 
> >
> I think that should be implemented despite of the way goverments are 
> going,..
> Goverments are often trying to restrict cryptography (see US) and also 
> here in Germany (using X.509 only which is in my opinion less secure 
> than OpenPGP as its using a hierarchical certificate system).
> So why not just implementing ECC for GnuPG and making the first step for 
> a (new) OpenPGP standard?

That would work if GnuPG stood alone, but it doesn't.  New algorithms
or message constructions need to be discussed and worked out as part
of a standard so that all programs can interoperate.

This isn't to say that nobody can add new algorithms: see for one.  It does
mean that without standardization, only their experimental modified
GnuPG can read these messages.


More information about the Gnupg-users mailing list