--uAKRQypu60I7Lcqm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jun 02, 2005 at 03:26:14PM -0400, Thor Lancelot Simon wrote:
> You can get all the algorithms from OpenSSL, which is already essentially
> BSD licensed.  The real work is in two areas:
>=20
> 1) Parsing and generating the OpenPGP message format

That shouldn't really be too much of a problem, it's just a lot of work, ri=
ght?

> 2) Getting key policy right.  This is one of the things that GnuPG does
>    worst, and an area where substantial improvement could be made.

Hmm, I'm not sure I know what `right policy' would be.  I'm afraid I'm not
up to the job after all :(
However, if someone who knows what he's doing will start some work on it, I
wouldn't mind doing some of the grunt work.

One thing I think we could do a lot better than GPG is the CLI interface.
The GPG interface is an abomination IMHO, especially the idea of gathering
all functionality in one single binary...
A better approach would be a collection of programs that operate on the
keyring, much like our user* tools operate on the passwd database.  It would
also be logical to put the common code in a library.

Regards,
Peter
--=20
http://www.student.kun.nl/peter.bex
--
"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
							-- Donald Knuth

--uAKRQypu60I7Lcqm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iD8DBQFCn2w2Lg33BXzVMqsRAhMUAKCpz0wpK66FMVj9yXJWJrCs5InvPwCfSbri
Z7za6a0xio8xSPxgqwUR1jY=
=FbGO
-----END PGP SIGNATURE-----

--uAKRQypu60I7Lcqm--