Miscellaneous questions

Werner Koch wk at gnupg.org
Tue Apr 15 17:54:06 CEST 2008


On Tue, 15 Apr 2008 15:03, rjh at sixdemonbag.org said:

> This is how GnuPG was developed, by and large.  In the very early days,
> GnuPG supported only the bare minimum necessary to conform to the RFC.
> Features like Twofish support were not added until the MUSTs were well

Actually GnuPG predates OpenPGP by a year and development of OpenPGP and
GnuPG went hand in hand.  For example, we added Twofish because we were
in need of a 128 bit blocksize algorithm and Twofish was promising.
This was during the AES process and we could not wait for the winner of
the AES competition.

However, in general you are right.  We implement the MUSTs and then the
optional features the users think are useful.

>> So perhaps let's ask David. He's both member of the WG (and even a
>> named author since 4880 :-) ) and gnupg developer. Why did he agreed
>> to the features in 4880 (as author) if (as developer) he thinks
>> nobody needs them?
>
> I'm not going to presume to try to answer for David.  I will suggest

There quite some people involved in the OpenPGP WG and we sometimes need
to make pragmatic decisions. 

For instance the complicated partial block encoding is nothing anyone
really desired.  However the already existing PGP 5 code used that and
thus we accepted this encoding and did not used the one gpg used in the
beginning.  As with most standards, the basics are set by existing
applications.

Another reasons for some features is pure marketing; for example the
choice of 256 bit for Twofish.

And of course there are political reasons like the inclusion of some
ciphers (e.g. RIPE-MD160 and soon Camellia) and the avoidance of
patented algorithms.



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-users mailing list