On Tue, 15 Apr 2008 15:03, [EMAIL PROTECTED] said: > This is how GnuPG was developed, by and large. In the very early days, > GnuPG supported only the bare minimum necessary to conform to the RFC. > Features like Twofish support were not added until the MUSTs were well
Actually GnuPG predates OpenPGP by a year and development of OpenPGP and GnuPG went hand in hand. For example, we added Twofish because we were in need of a 128 bit blocksize algorithm and Twofish was promising. This was during the AES process and we could not wait for the winner of the AES competition. However, in general you are right. We implement the MUSTs and then the optional features the users think are useful. >> So perhaps let's ask David. He's both member of the WG (and even a >> named author since 4880 :-) ) and gnupg developer. Why did he agreed >> to the features in 4880 (as author) if (as developer) he thinks >> nobody needs them? > > I'm not going to presume to try to answer for David. I will suggest There quite some people involved in the OpenPGP WG and we sometimes need to make pragmatic decisions. For instance the complicated partial block encoding is nothing anyone really desired. However the already existing PGP 5 code used that and thus we accepted this encoding and did not used the one gpg used in the beginning. As with most standards, the basics are set by existing applications. Another reasons for some features is pure marketing; for example the choice of 256 bit for Twofish. And of course there are political reasons like the inclusion of some ciphers (e.g. RIPE-MD160 and soon Camellia) and the avoidance of patented algorithms. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users