Merge pull request 'minor edits for ch2' (#104) from heiko-ch2 into draft

Reviewed-on: https://codeberg.org/openpgp/notes/pulls/104
This commit is contained in:
Tammi L. Coles 2023-11-03 11:00:34 +00:00
commit cb5738658d

View file

@ -31,15 +31,15 @@ The origins of OpenPGP can be traced back to *Pretty Good Privacy (PGP)*, a soft
The original PGP software played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see ["Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital" (2002)](https://en.wikipedia.org/wiki/Crypto_(book)), which includes some of PGP's history). The original PGP software played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see ["Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital" (2002)](https://en.wikipedia.org/wiki/Crypto_(book)), which includes some of PGP's history).
The original PGP software was never under a Free Software license, despite its source code being widely published by its author. [PGP's ownership has changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec), and [PGP's scope and suite of products have expanded] (https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications). The original PGP software was never under a Free Software license, despite its source code being widely published by its author. [PGP's ownership has changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec), and [PGP's scope and suite of products have expanded](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
### Standardizing OpenPGP ### Standardizing OpenPGP
While PGP was first developed as commercial software, the owner at the time, PGP Inc., started a standardization effort with the IETF, first publishing [RFC 1991 "PGP Message Exchange Formats"](https://datatracker.ietf.org/doc/html/rfc1991) in August 1996. While PGP was first developed as commercial software, the owner at the time, PGP Inc., started a standardization effort with the IETF, first publishing [RFC 1991 "PGP Message Exchange Formats"](https://datatracker.ietf.org/doc/html/rfc1991) in August 1996.
In July 1997, a process to produce an open standard under the then new name [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) was started, resulting in [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published in November 1998. RFC 2440 describes OpenPGP version 3. In July 1997, a process to produce an open standard under the then new name [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) was started, resulting in [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published in November 1998.
The name OpenPGP can be used freely by implementations, unlike the name PGP, which is a [registered trademark](https://uspto.report/TM/74685229)). The name OpenPGP can be used freely by implementations, unlike the name PGP, which is a [registered trademark](https://uspto.report/TM/74685229).
### GnuPG, an early Free Software implementation ### GnuPG, an early Free Software implementation
@ -49,11 +49,15 @@ GnuPG was a major early implementation of OpenPGP. Over the years, the importanc
Because the GnuPG program binary is called "gpg," "GnuPG" and "gpg" are often used interchangeably. Because the GnuPG program binary is called "gpg," "GnuPG" and "gpg" are often used interchangeably.
## The OpenPGP version 4 era ## The RFC 4880 era
### OpenPGP version 4 ### OpenPGP version 4
In 2007, the IETF published [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), which defined version 4 of the OpenPGP standard. As of late 2023, version 4 is the most commonly used version. In 2007, the IETF published [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), which defines version 4 OpenPGP artifacts. As of late 2023, version 4 is the most commonly used version.
An extension for Elliptic Curve Cryptography was defined in [RFC 6637](https://www.rfc-editor.org/rfc/rfc6637).
Some implementations explored other non-standardized extensions. Notably, algorithms based on Curve 25519 were tentatively defined in the [rfc4880bis](https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#name-elliptic-curve-cryptography) document. These algorithms are widely used, even though rfc4880bis has never been finalized as a new version of the standard.
(major_implementations)= (major_implementations)=
### Major implementations of OpenPGP ### Major implementations of OpenPGP
@ -98,10 +102,8 @@ There is [ongoing work](https://datatracker.ietf.org/doc/draft-wussler-openpgp-p
## Zooming in: Internal structure of OpenPGP data ## Zooming in: Internal structure of OpenPGP data
OpenPGP data is internally structured as "packets." We'll look into examples of this internal structure throughout the following chapters. OpenPGP data is internally structured as "packets." We'll look into examples of this internal structure in a series of chapters at the end of this document.
Getting familiar with the internal format of OpenPGP data is a good way to get familiar with the [RFC](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/), and it may also come in handy for debugging issues. Getting familiar with the internal format of OpenPGP data provides practical insight into the [RFC](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/), which describes the internal structure of OpenPGP packets in full detail, and may also come in handy for debugging issues.
Gaining some familiarity with the internal structure of OpenPGP data will also help us to read the OpenPGP RFC, which describes the internal structure of OpenPGP packets in full detail.
(Most of the time, however, we will look at OpenPGP artifacts at a higher level of abstraction.) (Most of the time, however, we will look at OpenPGP artifacts at a higher level of abstraction.)