PGP & GPG compatibility

Derek Atkins warlord at MIT.EDU
Sun Jan 20 21:46:35 EST 2002


Actually, I've found it isn't quite that bad.  Yes, there are some
problems with some of the odd-man-out features.  And yes, there are
certainly problems that only get solved if users upgrade to PGP 6.5.8
or more recent versions of GPG.

I will agree with your assessment of the origin of the problem.
However I don't think it's quite as bad as you make it out to be --
I've been using PGP 6.5.8 successfully to talk to a few people.  My
biggest problem is that very few people actually use PGP.

Question: How many users of PGP 2.x are still out there?  If people
have upgraded to more recent versions, then it's not quite as bad.
OTOH, I have successfully interoperated with PGP 2.6 fairly recently.
Then again, I still use my 1992-era RSA key (I should probably upgrade
sometime soon).

If all else fails, there is always S/MIME ;)

-derek

John Gilmore <gnu at toad.com> writes:

> These days, PGP is effectively useless for interoperable email.  If
> you have not prearranged with the recipient, you can't exchange
> encrypted mail.  And even if you have, one or the other of you will
> probably have to change your software, which will produce other ripple
> effects if you are trying to talk to TWO different people or groups
> using encrypted email.
> 
> PGP compatibility problems started with Phil Zimmermann's deliberate
> decision to eliminate compatibility with RSA keys.  Once that problem
> existed, disabling communication with anyone who used PGP before late
> 1997, nobody else seemed to mind introducing all sorts of lesser
> incompatibilities, including many mere bugs.
> 
> Having wrestled with these problems for years, my guess is that we
> need to abandon PGP and spec something else, probably in the IETF.
> (Perhaps we might be able to shortcut that process if the OpenPGP
> standards effort actually produces many compatible implementations
> including NAI's, and/or if NAI falls apart and every other
> implementation meets the IETF specs.)
> 
> Note, however, that there are many things that OpenPGP doesn't do,
> making encrypted email still a pretty sophisticated thing to do.
> Brad Templeton has been kicking around some ideas on how to make
> zero-UI encryption work (with some small UI available for us experts
> who care more about our privacy than the average joe).
> 
>   http://www.templetons.com/brad/crypt.html
> 
> 	John
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



