andrewg at andrewg.com
Mon Jul 1 16:38:22 CEST 2019
On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> I agree with Professor Green. Maybe he and his students can
> program a POC something more simple, preferably in Golang and
> while using the NaCl* library.
Golang? Not Rust? :-P
I do find it odd how many projects make such a big deal of what language
they're written in. It shouldn't matter what language you use so long as
it works (and is memory safe).
> There was back then no Enigmail or other
> MUA plug-ins and you could simply copy and paste your messages.
Who wants to copy and paste messages? That's soooo 1995.
> A real "modern" GnuPG should be IMHO the same as PGP was GUI based
> back then. The GUI could be also cross-platform QT based, for
You can't script a GUI, but you can GUI a CLI - and there is no shortage
of decent GUI interfaces for GnuPG.
> I also don't understand why GnuPG needs so many components, like
> pinentry, dirmngr and gpg-agent plus GnuPG itself, while MacPGP
> from Mr Zimmermann was only one program.
Most of those are separate because of security concerns. Monolithic
systems may look simpler from the outside, but they're often a bucket of
bolts on the inside. Role separation is your friend.
> *And regarding key formats, standards, RFC's etc. my new NaCl
> (pronounced salt) pub key which I use now with friends for email
> communication looks like this :-) :
Yes, it is possible to make very short public keys by stripping all
non-mathematical information and using ECC (SSH's ECC keys are similarly
terse). I'm skeptical of the long-term safety of ECC though (the NSA
appears to agree) so while it may be worth using for session keys I'm
not going to trust it with my long-term identity. And the
non-mathematical information has its uses if you're maintaining any sort
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users