From 5eb6d310cfa2fbdf7905be06ebd10c2d5379bb7c Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 1 Nov 2023 21:08:21 +0100 Subject: [PATCH] Fix version claims and add a bit more detail about extensions to 4880. It's not so straightforward: RFC 2440 and 4880 both define OpenPGP version 4 artifacts. So naming versions in the text is tricky. --- book/source/02-highlevel.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/book/source/02-highlevel.md b/book/source/02-highlevel.md index e455683..832bc3d 100644 --- a/book/source/02-highlevel.md +++ b/book/source/02-highlevel.md @@ -37,7 +37,7 @@ The original PGP software was never under a Free Software license, despite its s While PGP was first developed as commercial software, the owner at the time, PGP Inc., started a standardization effort with the IETF, first publishing [RFC 1991 "PGP Message Exchange Formats"](https://datatracker.ietf.org/doc/html/rfc1991) in August 1996. -In July 1997, a process to produce an open standard under the then new name [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) was started, resulting in [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published in November 1998. RFC 2440 describes OpenPGP version 3. +In July 1997, a process to produce an open standard under the then new name [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) was started, resulting in [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published in November 1998. The name OpenPGP can be used freely by implementations, unlike the name PGP, which is a [registered trademark](https://uspto.report/TM/74685229). @@ -49,11 +49,15 @@ GnuPG was a major early implementation of OpenPGP. Over the years, the importanc Because the GnuPG program binary is called "gpg," "GnuPG" and "gpg" are often used interchangeably. -## The OpenPGP version 4 era +## The RFC 4880 era ### OpenPGP version 4 -In 2007, the IETF published [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), which defined version 4 of the OpenPGP standard. As of late 2023, version 4 is the most commonly used version. +In 2007, the IETF published [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), which defines version 4 OpenPGP artifacts. As of late 2023, version 4 is the most commonly used version. + +An extension for Elliptic Curve Cryptography was defined in [RFC 6637](https://www.rfc-editor.org/rfc/rfc6637). + +Some implementations explored other non-standardized extensions. Notably, algorithms based on Curve 25519 were tentatively defined in the [rfc4880bis](https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#name-elliptic-curve-cryptography) document. These algorithms are widely used, even though rfc4880bis has never been finalized as a new version of the standard. (major_implementations)= ### Major implementations of OpenPGP