- consider including a compressed gzip file of the HTML pages when we
  distribute.
- pick up comments on passphrase mangling and salting from mailing list
  archives.  thread started by horacio around last week of January.
- need to integrate "gnupg documentation project" with the documentation
  page at http://www.gnupg.org and try to consolidate some of the random
  docs floating around.  should also use the consolidated documentation
  to build a minimal doc set for the distribution.
- need a FAQ of some sort for fast-find that may be just pointers to the
  right place in the manual
   - how do i use keyservers?
   - what's a valid key specifier?
- digital signature section improvements
   - the odds of two documents hashing to the same value is pretty low
   - a document's hash value is sometimes called its message digest
   - the section is in general difficult to understand; need pictures
     to explain the algorithms like the ones in the talk.
- add example in --print-md reference page of using print-md to check
  integrity of files
- add a description of the procedure one uses to revoke a public key and
  the consequences of doing so.  In particular, it needs to be explained that
  you are revoking the *private* key, so while noone can encrypt to that key,
  it doesn't stop someone from making signatures using the compromised 
  private key.  what protects you is that signatures made after the revocation
  date will be flagged invalid.
- need to explain what "ultimately" trusted means somewhere since it is
  used in the reference page for edit-key.
- add explanation of cryptic symbols you get when you display preferences.

#define CIPHER_ALGO_NONE         0
#define CIPHER_ALGO_IDEA         1
#define CIPHER_ALGO_3DES         2
#define CIPHER_ALGO_CAST5        3
#define CIPHER_ALGO_BLOWFISH     4  /* blowfish 128 bit key */
#define CIPHER_ALGO_SAFER_SK128  5
#define CIPHER_ALGO_DES_SK       6
#define CIPHER_ALGO_TWOFISH     10  /* twofish 256 bit */
#define CIPHER_ALGO_SKIPJACK   101  /* experimental: skipjack */
#define CIPHER_ALGO_TWOFISH_OLD 102 /* experimental: twofish 128 bit */
#define CIPHER_ALGO_DUMMY      110  /* no encryption at all */

- check on this
  On Sun, 27 Feb 2000, chimera wrote:
  >    On page 40, section 4.1.1 there is a paragraph starting with "ElGamal
  > keys". It seems to suggest that the computational cost of encrypting and
  > decrypting are exponential in time (when the key is known). I believe
  > (IMMHO) that it is exponential only when the key is unknown. When the
  > key is known, it is merely polynomial (I don't know the degree)
  > otherwise. Alternatively, the paragraph could be stating the case when
  > the key is unknown, but it is unclear and does not fit in with the rest
  > of the paragraph.

  >    I have actually used the gen-random command-line option. I discovered
  > that while the man page said there were levels 0|1|2 of randomness, it
  > didn't specify the most random. I had to devel into the source code for
  > that information (2 is the most random). I have thus noticed that the
  > manual doesn't state the information either. Maybe the manual (as well
  > as the man page) could include that tidbit of information.


- notes from chimera about his contribution on salting and mangling.
> Thanks a bunch!  I looked it over, and it all made sense, but I don't
> understand how the salt is obtained or how the system comes up with
> the same salt in order to check a passphrase.  Do you know the details
> on this?
   You understand it!!! Wow. :)

   Yeah, I know how the salt is obtained. It should be a random or
cryptographically random sequence of bits. Now Bob knows which salt to
use as the salt is actually transmitted clear-text as part of the
message. That is, the salt is not secret at all and Eve can obtain it
without difficulty. Hence, the benefit of a salt is that two cryptotext
with exactly the same plaintext and key, but different salt look
entirely different as far as Eve can tell.

> I will.  When this is integrated, I intend to add you to the credit
> list.  What name should I use?
``chimera'', I'll stay relatively anonymous for the moment.

x another patch
From offby1@blarg.net Sat May 27 07:49:05 2000
Date: 18 Apr 2000 18:36:20 -0700
From: Eric Hanchrow <offby1@blarg.net>
To: jashley@acm.org
Subject: Suggestions for GPG manual

[...]
x fix index.html page to eliminate comment that figure is not printing
x many postscript interpreters blow on the page with the botched figure.
  some workaround is needed.
     Kenneth Geisshirt <kneth@sslug.dk>:
     The way it translated way the following. First I translated the SGML
     source into TeX. I then edited by hand the TeX file to it include
     signature.eps instead of signature.jpg. The file signature.jpg was
     converted into EPS by convert. Finally I ran jadetex on the TeX file and
     used dvips to get a PS file. It can probably be done automatically since
     it's basically a search and replace.
x pgp2.x notes need to be updated with fact that you cannot both sign
  and encrypt at the same time to a pgp 2.x user
x add --passphrase-fd option description
x reference sections need to be completed

