PGP & GPG compatibility

Derek Atkins warlord at MIT.EDU
Tue Jan 15 15:06:42 EST 2002 

Is there even development on the PGP (product) line?  AFAIK
they (NAI) have not release PGP 7.x in source form.  Worse, there
are a couple of bugs I found in 6.5.8 when I was porting it
to Tru64, but who knows if anyone is listening over at NAI.

It's a sad state of affairs.  Perhaps I should go into "PGP
consulting", but I don't know if anyone would pay me to support
PGP for them....

-derek

Werner Koch <wk at gnupg.org> writes:

> On Sat, 3 Jan 1970 09:41:26 +1000, Nicholas Brawn said:
> 
> > What's the state of the game with PGP and GPG compatibility?
> 
> According to the bug reports I receive for GnuPG, it seems that even
> the latest versions of PGP (7.0.3?) are still not OpenPGP compatible.
> At least they still don't understand version 4 signatures on data
> packets (only on keys).  I had in mind that this was fixed some time
> ago, but obviously this isn't the case.
> 
> There is a problem wrt text mode signatures: no agreement was found on
> what a line ending consists of.  PGP translates a CR inside a line
> (well, what most non Apple programmers consider a line ending) into a
> CR,LF sequence for hashing.  The proper solution is not to use
> textmode signatures except for cleartext signed messages.
> 
> About two years ago we agreed on a way to implement MDC and defined
> new packet types for it.  I did some tests with Hal Finney and it used
> to work.  The OpenPGP draft was later changed to introduce key flags
> and use one to enable MDC mode.  However, GnuPG uses MDC mode with all
> ciphers of a block length other than 64 bits (i.e. Twofish and AES*).
> The draft has still not been released as a new RFC so this may change
> again :-(.
> 
> The flaw in the secret key protection mechanism was discussed for a
> short time but it seems that nobody is willing to continue with this.
> I made several suggestion on how to do it.
> 
> Interoperability tests should have happened last summer but for
> unknown reasons they didn't.  It is very sad to see that after 3 years
> we have not achieved to get OpenPGP into draft status :-(.
> 
> 
>   Werner
> 
> -- 
> Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
> g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
> Privacy Solutions                                        -- Augustinus
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list