A question about Camellia

Robert J. Hansen rjh at sixdemonbag.org
Sat Jan 24 04:57:32 CET 2009


Faramir wrote:
>   Well, you have always said any algo in GPG is safe enough to use...

First, I've said the algorithms are safe enough to use.  I've never said
GnuPG's implementation of them is correct and error-free.  There's a
_big_ difference between saying "3DES is a trusted algorithm" and saying
"GnuPG correctly implements 3DES."

I think GnuPG's implementations are probably good; I don't have any
evidence to suggest they're not.  But I can't say they're good.

Second, please don't trust a word I say.  Seriously.  I make a ton of
mistakes every single day.  I might be making one right now.  Do your
own research, find out facts for yourself.

> Well, if you have land under the plane, your point of view can be
> different...

Yes.  Please note that I'm not saying either of them made a right or
wrong choice.  They each came to the table with certain basic
assumptions and came to very different conclusions.

David and I disagree pretty substantially on the subject of the size of
the OpenPGP spec, and how much of it GnuPG should be implementing.  I
think both he and I are being sensible.  We're just coming to very
different conclusions.

In the world of Free Software, he who writes the code gets to make the
decisions.  For GnuPG, that means David and Werner.  I don't begrudge
them that one bit.  It's their barbecue, and on the whole the barbecue
is good.  I don't want anyone to mistake me on this.

My quibbles are not with GnuPG.  My quibbles are with the OpenPGP spec.
 I think GnuPG is the best implementation of OpenPGP out there right now.




More information about the Gnupg-users mailing list