PGP & GPG compatibility

John Gilmore gnu at toad.com
Sun Jan 20 21:30:47 EST 2002


These days, PGP is effectively useless for interoperable email.  If
you have not prearranged with the recipient, you can't exchange
encrypted mail.  And even if you have, one or the other of you will
probably have to change your software, which will produce other ripple
effects if you are trying to talk to TWO different people or groups
using encrypted email.

PGP compatibility problems started with Phil Zimmermann's deliberate
decision to eliminate compatibility with RSA keys.  Once that problem
existed, disabling communication with anyone who used PGP before late
1997, nobody else seemed to mind introducing all sorts of lesser
incompatibilities, including many mere bugs.

Having wrestled with these problems for years, my guess is that we
need to abandon PGP and spec something else, probably in the IETF.
(Perhaps we might be able to shortcut that process if the OpenPGP
standards effort actually produces many compatible implementations
including NAI's, and/or if NAI falls apart and every other
implementation meets the IETF specs.)

Note, however, that there are many things that OpenPGP doesn't do,
making encrypted email still a pretty sophisticated thing to do.
Brad Templeton has been kicking around some ideas on how to make
zero-UI encryption work (with some small UI available for us experts
who care more about our privacy than the average joe).

  http://www.templetons.com/brad/crypt.html

	John




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list