IETF-SSH archive


Re: Nits in current drafts





On Thursday, February 24, 2005 02:12:24 AM +1300 Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> wrote:

Ben Harris <bjh21%bjh21.me.uk@localhost> writes:

I still think a better approach at this stage would be to simply remove
all mention of OpenPGP keys and leave their handling to be defined
properly in a separate RFC.

In a perfect world I'd agree that this would be the way to do it, however
given the lack of interest shown in this in the past I think this would
be a kind of de facto consignment to oblivion of all the other formats.
The advantage of doing it now would be that it only requires a few words
changed here and there, rather than an entire new RFC that (most
probably) no-one will ever be motivated to write (just thinking of my own
code, it'd take me about 5 minutes to add an "x509-whatever" or
"pgp-whatever" entry to the SSH cert decoding table, but a great many
hours to do an RFC to specify it).  It's a pay-me-now/pay-me-later thing,
I'd rather change a sentence or two now than have to do an entire RFC
later.

Either that or just drop all foreign formats on grounds of total
incomprehensibility and no-one's really interested anyway.

Ah, now you have the right idea.

If no one cares enough about these to write up clear, unambiguous specs that spell out all the details required for secure, interoperable implementations, I can't imagine why anyone would care enough to actually implement and test them.

If we don't have two interoperable implementations of these key types, they will have to be dropped before we can move to draft. If we don't believe there are ever going to be two interoperable implementations, we might as well drop them _now_, and save all the nastiness about how massively underspecified they are.

-- Jeff


