Initial outline and old notes

(Rough merge of two precursor projects by Heiko, and outline notes by Paul)

book/source/01-intro.md

@@ -0,0 +1,82 @@
+# OpenPGP: what is it, history
+
+This document is intended as an introduction to the inner workings of OpenPGP,
+aimed mainly at technical readers.
+
+It is *not* a guide for *use* of OpenPGP by end-users.
+
+## What is OpenPGP?
+
+OpenPGP is an open standard that was developed based on the
+["Pretty Good Privacy (PGP)"](https://en.wikipedia.org/wiki/Pretty_Good_Privacy)
+software.
+
+The standard has evolved over time, and there is ongoing work to improve it.
+[RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880) is the most recent
+published version of the standard (describing OpenPGP version 4).
+
+An IETF working group is currently finalizing a
+[new revision](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/),
+of the OpenPGP standard (which will describe OpenPGP version 6).
+The current standardization work focuses on updating the cryptographic
+mechanisms in OpenPGP.
+
+There are multiple [interoperable](https://tests.sequoia-pgp.org/)
+implementations with significant use.
+
+## A very brief history (dramatis personae)
+
+### PGP
+
+*"Pretty Good Privacy (PGP)"* is a software program, initially by Phil
+Zimmermann, first released in 1991.
+
+The PGP software has played a role in the political struggles sometimes
+referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars)
+(also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history,
+including about the history of PGP).
+
+The "PGP" software was never under a Free Software license,
+even though its source code has at one point been widely published.
+
+The ownership and branding of the product has
+[changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec),
+The software enjoys a continued existence, albeit with
+[changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
+
+
+### OpenPGP
+
+While the PGP software was developed as a commercial product, the owner at the time,
+"PGP Inc." started a standardization effort with the IETF in July 1997.
+The resulting open standard was named
+[OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP).
+
+The result of this first round of standardization work under the "OpenPGP"
+name is [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440),
+published November 1998.
+
+The name "OpenPGP" can be used freely by implementations (unlike the name
+"PGP", which is a [registered trademark](https://uspto.report/TM/74685229)).
+
+### GnuPG
+
+[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70),
+GnuPG is an implementation of the OpenPGP standard.
+
+GnuPG has been the major Free Software implementation of OpenPGP for a period
+of time. It has played a role in the release of NSA documents by
+[Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/)
+
+## Multiple major implementations
+
+Today, multiple implementations of OpenPGP play an important role:
+
+- Protonmail, who serve a large number of users, use (and maintain)
+[OpenPGP.js](https://openpgpjs.org/).
+- The Thunderbird email software is using the [RNP](https://www.rnpgp.org/)
+implementation for their built-in OpenPGP support since version 78 (released in mid-2020).
+- The RPM Package Manager software includes an OpenPGP backend based on
+[Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust.
+Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/)
+since version 38.