PGP & GPG compatibility
Derek Atkins
warlord at MIT.EDU
Sun Jan 20 21:46:35 EST 2002
Actually, I've found it isn't quite that bad. Yes, there are some
problems with some of the odd-man-out features. And yes, there are
certainly problems that only get solved if users upgrade to PGP 6.5.8
or more recent versions of GPG.
I will agree with your assessment of the origin of the problem.
However I don't think it's quite as bad as you make it out to be --
I've been using PGP 6.5.8 successfully to talk to a few people. My
biggest problem is that very few people actually use PGP.
Question: How many users of PGP 2.x are still out there? If people
have upgraded to more recent versions, then it's not quite as bad.
OTOH, I have successfully interoperated with PGP 2.6 fairly recently.
Then again, I still use my 1992-era RSA key (I should probably upgrade
sometime soon).
If all else fails, there is always S/MIME ;)
-derek
John Gilmore <gnu at toad.com> writes:
> These days, PGP is effectively useless for interoperable email. If
> you have not prearranged with the recipient, you can't exchange
> encrypted mail. And even if you have, one or the other of you will
> probably have to change your software, which will produce other ripple
> effects if you are trying to talk to TWO different people or groups
> using encrypted email.
>
> PGP compatibility problems started with Phil Zimmermann's deliberate
> decision to eliminate compatibility with RSA keys. Once that problem
> existed, disabling communication with anyone who used PGP before late
> 1997, nobody else seemed to mind introducing all sorts of lesser
> incompatibilities, including many mere bugs.
>
> Having wrestled with these problems for years, my guess is that we
> need to abandon PGP and spec something else, probably in the IETF.
> (Perhaps we might be able to shortcut that process if the OpenPGP
> standards effort actually produces many compatible implementations
> including NAI's, and/or if NAI falls apart and every other
> implementation meets the IETF specs.)
>
> Note, however, that there are many things that OpenPGP doesn't do,
> making encrypted email still a pretty sophisticated thing to do.
> Brad Templeton has been kicking around some ideas on how to make
> zero-UI encryption work (with some small UI available for us experts
> who care more about our privacy than the average joe).
>
> http://www.templetons.com/brad/crypt.html
>
> John
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list