You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by robert burrell donkin <ro...@blueyonder.co.uk> on 2005/05/19 09:22:02 UTC
[PGP] choose another name?
something like this has been needed for a while so it's great to see it
happening.
but i do have some concerns about the name
phil zimmermann's pretty good privacy program is almost universally
abbreviated to pgp. the name commons-pgp is not only close to a related
commercial product but the term PGP is plastered all over our
communications. i wonder whether it might be better to adopt another
name now (at this early stage) which doesn't carry the risk difficulties
later (for example: commons-openpgp, commons-crypt, commons-sign etc).
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] choose another name?
Posted by Andy Lewis <aj...@ascii27.net>.
from an uninvolved observer - I agree - and offer "commons-jgp" as a
suggestion
robert burrell donkin wrote:
>something like this has been needed for a while so it's great to see it
>happening.
>
>but i do have some concerns about the name
>
>phil zimmermann's pretty good privacy program is almost universally
>abbreviated to pgp. the name commons-pgp is not only close to a related
>commercial product but the term PGP is plastered all over our
>communications. i wonder whether it might be better to adopt another
>name now (at this early stage) which doesn't carry the risk difficulties
>later (for example: commons-openpgp, commons-crypt, commons-sign etc).
>
>- robert
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] choose another name?
Posted by Stefan Bodewig <bo...@apache.org>.
On Thu, 19 May 2005, Brett Porter <br...@apache.org> wrote:
> ok, so commons-openpgp would be ok.
+1
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] choose another name?
Posted by robert burrell donkin <ro...@blueyonder.co.uk>.
On Thu, 2005-05-19 at 19:01 +1000, Brett Porter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> robert burrell donkin wrote:
>
> >
> >openPGP is the name used for a group of RFC's inspired by pretty good
> >privacy. http://www.openpgp.org/ is an association of implementors
> >promoting the use of this standard (which is probably the source of the
> >confusion). http://www.ietf.org/rfc/rfc2440.txt is the RFC in question
> >and covers a message format. it included implementation details as well
> >as specification (which is another source for the confusion).
>
> ok, so commons-openpgp would be ok. I'm still thinking commons-crypto is
> a good name, but I'll be happy with either. It can always be changed
> later when it is expanded I guess.
IMHO commons-openpgp gives a very nice, tightly focused well-named
component with a clean concrete aim (an openPGP implementation). no
baggage, no arguments later about scope. if the requirements expand,
then it's time to create another small component (or two).
commons-crypto sounds good but maybe that's a name for tomorrow...
> >>maybe it'd be possible to get enough momentum to think about aiming for
> >a jakarta-crypto in the medium term followed by an apache-crypto project
> >one day...
>
> LOL... I hope this has a fair bit of tongue in cheek :)
yep :)
> It's good to
> have a long term goal, but I'm not getting that carried away just yet.
hehehe
> As far as I understand, we're only aiming for something that wraps
> bouncycastle and/org cryptix (which, at least in BC's case from my
> experience, already does the crypto stuff very well) that is at a
> higher level and isolated from the provider's own API. We're just
> signing some deployments here, for now :)
+1
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] choose another name?
Posted by Brett Porter <br...@apache.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
robert burrell donkin wrote:
>
>openPGP is the name used for a group of RFC's inspired by pretty good
>privacy. http://www.openpgp.org/ is an association of implementors
>promoting the use of this standard (which is probably the source of the
>confusion). http://www.ietf.org/rfc/rfc2440.txt is the RFC in question
>and covers a message format. it included implementation details as well
>as specification (which is another source for the confusion).
ok, so commons-openpgp would be ok. I'm still thinking commons-crypto is
a good name, but I'll be happy with either. It can always be changed
later when it is expanded I guess.
>
>maybe it'd be possible to get enough momentum to think about aiming for
>a jakarta-crypto in the medium term followed by an apache-crypto project
>one day...
LOL... I hope this has a fair bit of tongue in cheek :) It's good to
have a long term goal, but I'm not getting that carried away just yet.
As far as I understand, we're only aiming for something that wraps
bouncycastle and/org cryptix (which, at least in BC's case from my
experience, already does the crypto stuff very well) that is at a
higher level and isolated from the provider's own API. We're just
signing some deployments here, for now :)
Cheers,
Brett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCjFXwOb5RoQhMkRMRAgAgAJ487qdv+M7Quld2d92KRIv0ZLQO8ACcCNA5
gAuVzcIqoVuKcaNa5fMIay8=
=dvYW
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] choose another name?
Posted by robert burrell donkin <ro...@blueyonder.co.uk>.
On Thu, 2005-05-19 at 17:27 +1000, Brett Porter wrote:
<snip>
> I also though openPGP was an implementation rather than a spec, so maybe
> going straight to "commons-crypto" is the best. That gives us scope to
> go into encrypt/decrypt as well as signatures and to use other algorithms.
>
> I'd expect generally to just use JCE for this, but it appears some of
> the PGP functions aren't exposed through that - so this API can expose
> those things. I guess this should be one of the goals - not to just
> reproduce functionality that could otherwise be done via JCE.
openPGP is the name used for a group of RFC's inspired by pretty good
privacy. http://www.openpgp.org/ is an association of implementors
promoting the use of this standard (which is probably the source of the
confusion). http://www.ietf.org/rfc/rfc2440.txt is the RFC in question
and covers a message format. it included implementation details as well
as specification (which is another source for the confusion).
it's early days yet but it would be very, very cool to have a pure java
openPGP implementation: IMHO one of the reasons why take up has been
restricted is the lack of user-friendly open source applications. i
really like gnu privacy guard but it is very *nix. a good openPGP
library implementation in java would be a great step forward.
thinking ahead, i now wonder whether it might be better to think along
the lines of a commons-openpgp implementation backed by a commons-crypto
library. apache's going to need not only pgp stuff but also user
certificate management software.
maybe it'd be possible to get enough momentum to think about aiming for
a jakarta-crypto in the medium term followed by an apache-crypto project
one day...
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] choose another name?
Posted by Brett Porter <br...@apache.org>.
robert burrell donkin wrote:
>but i do have some concerns about the name
>
>
Yes, I've been thinking about it too.
>phil zimmermann's pretty good privacy program is almost universally
>abbreviated to pgp. the name commons-pgp is not only close to a related
>commercial product but the term PGP is plastered all over our
>communications. i wonder whether it might be better to adopt another
>name now (at this early stage) which doesn't carry the risk difficulties
>later (for example: commons-openpgp, commons-crypt, commons-sign etc).
>
>
Just to fill in on the original discussion:
> commons-signing?
Depends on what we intend to do there. commons-pgp or even
commons-openpgp if we want to stick with PGP might be better (we may
include support for encryption and decryption as well, that's why I
don't like "signing").
I also though openPGP was an implementation rather than a spec, so maybe
going straight to "commons-crypto" is the best. That gives us scope to
go into encrypt/decrypt as well as signatures and to use other algorithms.
I'd expect generally to just use JCE for this, but it appears some of
the PGP functions aren't exposed through that - so this API can expose
those things. I guess this should be one of the goals - not to just
reproduce functionality that could otherwise be done via JCE.
- Brett
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org