$Id: references.txt,v 1.1.1.1 2008/09/10 09:32:57 agcrooks Exp $

References
==========

Standards and Annotations:

    RFC 2440 annotated with GnuPG Information
    http://sunsite.icm.edu.pl/gnupg/rfc2440.html


Other similar projects:

    GPGME
    http://www.gnupg.org/(en)/related_software/gpgme/index.html

        "GnuPG Made Easy" is a library designed to make access to GnuPG
        easier for applications. It provides a High-Level Crypto API
        for encryption, decryption, signing, signature verification and
        key management. Currently it uses GnuPG as its backend but the
        API isn't restricted to this engine; in fact we have already
        developed a backend for CMS (S/MIME).

    Ägypten2
    http://www.gnupg.org/aegypten2/index.html

    Cryptix OpenPGP
    http://www.cryptix.org/
    http://sourceforge.net/projects/cryptix-openpgp

        A java implementation of OpenPGP. Intended audiencie is
        developers who want to add OpenPGP to their own applications.


Related projects:

    Libassuan

        Libassuan is a small library implementing the so-called Assuan
        protocol. This protocol is used for IPC between most newer GnuPG
        components. Both, server and client side functions are provided.

        Despite [many] disadvantages, this type of client/server
        communication can be useful: the client is completely separate
        from the server; they are in different address spaces. This is
        especially important in situations where the server must have a
        known degree of reliability and data must be protected: as the
        Assuan protocol is well defined and clients cannot corrupt the
        servers' address space, auditing become much easier.


    OpenPKSD
    http://www.openpksd.org/

        A primitive OpenPGP key server, interesting mainly because it's
        written in Ruby.


Other potentially useful software:

    pgpdump
    http://pgp.iijlab.net/pgpdump.html


Papers:

    Deploying a New Hash Algorithm
    Bellovin, et al.
    http://www.cs.columbia.edu/~smb/papers/new-hash.ps (or .pdf)

    Steve Bellovin suggests considering these hashing ideas, in
    particular the advice on implementation behavior from Section 4.1.1
    and 4.2.
