PGP & GPG compatibility

Werner Koch wk at gnupg.org
Tue Jan 22 04:02:29 EST 2002 

On Mon, 21 Jan 2002 20:50:22 +0000, Adam Back said:

> GPG on the other hand is simply wilfully damaging interoperability by
> putting their anti-patent stance over the benefit of PGP users.  I
> know there are modules to add IDEA support but they're not shipped by

The reason to write GnuPG were the patent problems with RSA (at that
time) and IDEA.  The GNU project is about Free Software and IDEA does
not allow the use of the software in a lot of countries.  It is not
sufficient that Ascom grants (on request) gratis licenses for private
use (there scope of private use is actual very narrow, as you are not
allowed to use the same box for any business purposes and even
charitable organisations have to pay per-user fees), the GPL does not
distinguish between private and commercial use.

See section 7 of the GPL for the reason why we can't distribute an
IDEA implementation.  Noone but Ascom and the patent laws are
disallowing the use of the IDEA module - we are just not able to
distribute it along with GPLed software and guess why we have this
loadable module feature in GnuPG.

If you want to use IDEA (instead of using a CAST5 enabled PGP 2.6)
write to Ascom and ask them to grant a royality-free and perpetual
license to use the IDEA algorithm with GPLed software.  Or even better
help to abolish all patents on algorithms and software:
http://www.no-epatents.org or http://petition.eurolinux.org

> It seems that the result of GPG and PGP intentionally induced
> incompabilities has greatly reduced PGP use.  I used to use PGP a lot,

This may be true for you and the small set of long term users.  In
general the use of PGP (well in the form of the IETF OpenPGP protocol)
has grown far beyond a small group of geeks.  There is at least one
major car vendor who demands the use of PGP enrcypted mail from all
suppliers.  If you look at the keyring anylyses at dtype.org you will
notice that there is a large user base.  keyserver admins should be
able to give some numbers to prove that PGP is actually in use.

> However it should be possible to automatically select that option
> based on the public key parameters of the person you're sending to,

Yes, this is indeed possible and GnuPG does it for a long time.
Because encryption interoperability with 2.6 is hampered by the IDEA
patent problem it did not made too much sense for me to put a lot of
effort into fixing some litlle annoyances related to the inability of
PGP 2 to encrypt in streaming mode.  Well, I believe David fixed most
of this while adding the --pgp2 option.

Ciao,

  Werner


-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list