Gary Howland wrote:
Someone suggested to me that Derek posted a draft spec for PGP 3.0. Anyone know of the whereabouts of this document.
Yes. That document has evolved to RFC 1991:
1991 I D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange Formats", 08/16/1996. (Pages=21) (Format=.txt)
Hmm - I don't know I managed to make this post - I had started writing a reply, but exited my mailer, and for some reason it decided to send a cut down version of the unfinished mail anyway ...
Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP 2.6.? distribution. I'm doing an independent implementation of the PGP 2.6 message formats, and found this document unclear in a few spots. For example, can anyone else figure out the weird CFB variant mode from this document? I used a debugger on the PGP code to help me figure it out.
Exactly - I spent ages on the same thing. Then there's the problem that packet length headers must be specific lengths for various types (eg. key certificates must have a 2 byte length, even if only one is required). It is also not clear what the exported key certificates should contain, the spec simply mentioning that there should be no trust packets etc. etc.
The PGP 3.0 "spec" that you're referring to is actually a draft for a PGP library API. A couple of those got circulated on some PGP mailing lists, but none have been publicly released, another example of the secrecy surrounding the whole PGP effort.
Now that PGP Inc. is happening, it's not exactly clear whether the PGP 3.0 release is going to include an API closely resembling these drafts.
I agree with your comments. For example, we are developing PGP compatible libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES, etc., along with a better key ring format, encrypted key rings, and features such as key generation from a passphrase, and we would very much like to remain compatible with the new PGP, but how can we when there is so little information available? I think we need a forum to discuss PGP development issues - I would be happy to set one up if there was interest. Best regards, Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com> Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06