At 04:31 PM 12/01/2001 -0800, Meyer Wolfsheim wrote:
> Another proprietary key format. Why not base such a system on OpenPGP?
OpenPGP, ClosedPGP, GPG, PGP2.x, and X.509 all have blazingly ugly data formats, especially for keys. The main advantages of recycling one of the N variations on PGP formats or one of the K variations on X.509 are that you can reuse code, and in some cases you can gain compatibility with existing user bases. On the other hand, you can gain compatibility with existing user bases by letting PGP users sign messages saying "My Cryptoheaven Public Key For Messages is <key1> and for Signatures is <key2>" and similarly letting X.509 users do the same if they want. It's not automated, but it can work ok. Also, of course, you'd need to register the Rijndael and SHA-256 entities onto the PGP formatspaces, but they're generally designed for it.

The cleanest key format I've seen is in CryptoKong - it has the advantage that Elliptic Curve cryptosystems let you use short keys, at least if you believe that the math works adequately, and it's not trying to use any "KeyID" as an abbreviation for the key, so it's just a simple direct encoding of the key, without PGP's annoyances of KeyID lookup and risks of KeyID forgery. Of course, it's also not mapping KeyIDs to users, only to messages, so if you want to maintain relationships between them, you've got to do it yourself, and if you want to have senders of some messages vet senders of other messages, you need to track the messages yourself. James Donald's implementation uses an Evil Microsoft Access database to save messages, but you could do a different implementation if you wanted to.

Was the real motivation for using their own format simplicity? Or not-invented-here-ness? Or not-thinking-ness? Or unwillingness to wade through the huge amount of existing ugly code just for compatibility with existing ugly formats? Does it matter much?
They're in the Software / Internet Services business, so either they'll find a niche where they get lots of users (in which case it's worth reviewing their code for real security), or they'll fail to do so and Darwin Will Get Them, like so many other projects out there, or they'll end up with a small but fanatic group of users who keep them going, or somebody will discover a Serious Bug which will blow away their security (though they do have at least semi-open source available for review.)
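A worked illustration of the "KeyID lookup" versus "direct encoding of the key" distinction the message above draws, added here as an example; it is not code from the original post, from CryptoKong, or from any PGP implementation. The key ID derivation below is an assumption: it truncates SHA-256 of the key bytes to a small number of bits so the brute-force search finishes quickly, which mirrors the general shape of a PGP-style short key ID (a truncation of the fingerprint) but is not the exact OpenPGP derivation. The "public keys" are constructed byte strings, not real key material.

```python
from __future__ import annotations

import hashlib

# Constructed stand-in for a victim's public key (not real key material).
VICTIM_KEY = b"-----victim public key bytes (constructed)-----"


def key_id(pubkey: bytes, bits: int = 16) -> int:
    """Toy short KeyID: the low `bits` bits of SHA-256(pubkey).

    Assumption: a truncated hash is used as an abbreviation for the key,
    which is the pattern the message above warns about. Real PGP key IDs
    are derived differently; the shape (truncation) is what matters here.
    """
    digest = hashlib.sha256(pubkey).digest()
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)


def forge_key_with_id(target_id: int, bits: int = 16,
                      seed: bytes = b"attacker") -> tuple[bytes, int]:
    """Brute-force a *different* key whose short ID equals target_id.

    Returns (forged_key, attempts). Expected work is about 2**bits hashes,
    which is why a short ID is only an abbreviation, not an identity.
    """
    counter = 0
    while True:
        candidate = seed + b":" + counter.to_bytes(8, "big")
        counter += 1
        if key_id(candidate, bits) == target_id:
            return candidate, counter


def resolve_sender(bits: int = 16) -> dict:
    """Compare the two ways of naming a sender's key.

    1. A keyring indexed by short KeyID: once the attacker's colliding key
       has been imported (say, fetched from a keyserver), a message that
       names its sender only by KeyID resolves to whichever key was stored
       under that ID last.
    2. A keyring indexed by the full key encoding: the message carries the
       key itself, so there is nothing to look up and nothing to collide.
    """
    victim_id = key_id(VICTIM_KEY, bits)
    forged_key, attempts = forge_key_with_id(victim_id, bits)

    # KeyID-indexed ring: importing the forged key silently replaces the
    # victim's entry because both keys map to the same short ID.
    ring_by_id = {victim_id: "victim"}
    ring_by_id[key_id(forged_key, bits)] = "attacker"

    # Direct-encoding ring: the full key bytes are the index, so both
    # entries coexist and a message naming VICTIM_KEY resolves exactly.
    ring_by_key = {VICTIM_KEY: "victim", forged_key: "attacker"}

    return {
        "attempts": attempts,
        "ids_collide": key_id(forged_key, bits) == victim_id,
        "keys_differ": forged_key != VICTIM_KEY,
        "keyid_lookup_returns": ring_by_id[victim_id],
        "direct_lookup_returns": ring_by_key[VICTIM_KEY],
    }


if __name__ == "__main__":
    for name, value in resolve_sender(16).items():
        print(f"{name}: {value}")
```

With 16-bit IDs the forgery takes on the order of 65,000 hashes and well under a second; the point scales, since the cost of a targeted collision is roughly 2**bits hashes regardless of how strong the underlying hash is. Raising `bits` makes the search slower but does not change which keyring resolves to the wrong owner.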