PGP & GPG compatibility

Adam Back adam at cypherspace.org
Mon Jan 21 15:50:22 EST 2002


If you ask me GPG has as much to answer for in the
non-interoperability problems with its rejection of shipping IDEA
with the default GPG as PRZ et al for deciding to not ship RSA.

I tried arguing with PGP that if they wanted to phase out RSA use, the
best way would be to support it: then more people would have upgraded
to pgp5.x and started using new key types.  Instead people continued
to use PGP2.x in defense as it was the only thing which reliably
interoperated.  

It's understandable that PGP would have wanted to phase out RSA due to
the trouble RSADSI caused with licensing of the RSA patent, but still
the approach taken had predictably the opposite effect to that which
they hoped to achieve.

GPG on the other hand is simply wilfully damaging interoperability by
putting their anti-patent stance over the benefit of PGP users.  I
know there are modules to add IDEA support but they're not shipped by
default so most people don't use them.

It seems that the result of GPG and PGP intentionally induced
incompatibilities has greatly reduced PGP use.  I used to use PGP a lot,
these days I use it a lot less, most uses induce all kinds of problems
to the extent that most people resort to using plaintext.

If the -pgp2 option implies that GPG will then ship with IDEA and that
there is a way to request PGP2 compatibility that is a good step.

However it should be possible to automatically select that option
based on the public key parameters of the person you're sending to,
which was if I recall the reason for the introduction of the new
openPGP RSA format, so that PGP2 generated RSA keys could be
distinguished from openPGP keys, and compatibility could be maintained.

Adam

On Mon, Jan 21, 2002 at 09:35:24AM +0100, Werner Koch wrote:
> On 20 Jan 2002 21:46:35 -0500, Derek Atkins said:
> 
> > Question: How many users of PGP 2.x are still out there?  If people
> > have upgraded to more recent versions, then it's not quite as bad.
> > OTOH, I have successfully interoperated with PGP 2.6 fairly recently.
> 
> Things would get much better if a PGP 2 version with support for CAST5
> would get more into use.  We can't officially support IDEA for patent
> reasons in GnuPG; the next release comes with a --pgp2 option to
> bundle all the options needed for pgp 2 compatibility and furthermore
> you will get a warning if a message can't be encrypted in a PGP2
> compatible way.  
> 
> There is a pgp 2 version by Disastry (http://disastry.dhs.org/pgp)
> which supports all OpenPGP defined ciphers.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
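
The automatic selection suggested in the message above, sketched as an added example that is not part of the original post and is not GnuPG or PGP code: it reads the version octet of an OpenPGP public key packet and picks a compatibility mode from it. The function names are hypothetical, the sample keys are constructed with toy values, and treating a version 2/3 key as a PGP 2.x recipient is an assumption of this sketch.

```python
import struct

PUBKEY_TAGS = {6, 14}  # Public-Key and Public-Subkey packet tags

def read_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet in data."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:  # new-format header: tag in bits 5-0
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length in a key packet")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = 1 << ltype
        length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def compat_mode(key_packet: bytes) -> str:
    """Pick 'pgp2' for version 2/3 (PGP 2.x style) keys, 'openpgp' for v4."""
    tag, body = read_packet(key_packet)
    if tag not in PUBKEY_TAGS or not body:
        raise ValueError("not a public key packet")
    if body[0] in (2, 3):
        return "pgp2"
    if body[0] == 4:
        return "openpgp"
    raise ValueError(f"unknown key version {body[0]}")

def sample_key(version: int, new_format: bool = False) -> bytes:
    """Constructed sample: RSA public key packet with toy MPIs n=0xC5, e=17."""
    created = struct.pack(">I", 1011600000)
    fields = created + (b"\x00\x00" if version == 3 else b"") + b"\x01"
    body = bytes([version]) + fields + b"\x00\x08\xc5" + b"\x00\x05\x11"
    if new_format:
        return bytes([0xC6, len(body)]) + body
    return b"\x99" + struct.pack(">H", len(body)) + body

if __name__ == "__main__":
    for v in (3, 4):
        print(v, compat_mode(sample_key(v)))
```

A sender encrypting to several recipients would need every key to report the same mode, or fall back to the most restrictive one.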



