on the state of PGP compatibility (2nd try)

Sun Mar 31 18:08:14 EST 2002

On Sun, Mar 31, 2002 at 06:08:51PM +0100, Adam Back wrote:
> [This is actually slightly more accurate and even worse than my first
> mail which bounced to some of the lists as I had a typo, _and_
> separately encountered a mail hub outage at cyberpass.net -- apologies
> to those who get duplicates].
> 
> So I was trying to decrypt this stored mail sent to me by a GPG user,
> and lo pgp6.x failed to decrypt it.
> 
> So I try an older gpg I had installed, and it fails because it doesn't
> support RSA or IDEA, and this GPG user it seems installed the RSA and
> IDEA patches.
> 
> So I go fetch GPG from www.gnupg.org, but it still doesn't contain
> IDEA by default due to the anti-patent religion thing gone-to-far over
> at GNU land, so I try to download the idea.c plugin -- except they
> seem to have removed it (accidentally? hmm -- I fire off a mildly
> brusque email to webmaster at gnupg.org -- and hit google.com but all
> the first few hits are pointing at the gnupg.org faq with labyrinth of
> links ending eventually in the same dud link.)

I sympathize with your problems, but frankly (and I suspect you know
this, despite your justified irritation) some of the problems you had
are well beyond the scope of "PGP compatibility".  It's not a flaw in
PGP compatibility that PGP5.x won't compile cleanly any longer because
of changes to your build platform, nor is it a flaw in PGP
compatibility that some buggy program you were working with ate your
PGP 2.x keyring files.

The OpenPGP spec handles compatibility issues quite well.  The catch,
of course, is that PGP 2.x isn't OpenPGP and PGP 5.x isn't OpenPGP.
PGP 6 and 7 aren't really OpenPGP either, but they're generally close
enough for all practical purposes.

PGP 7 or GnuPG with the IDEA plugin can handle messages from any
version of PGP, OpenPGP or not.

> Either way _even_ if idea.c were still where they claimed it would be
> it seems intentionally very well hidden, which I think is
> unconscionable for a security product: to _intentionally_ frustrate
> users attempts to interoperate with secure previous versions and
> alternate implementations.

The IDEA plugin is available at:
   ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c
   ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.sig

I doubt it's intentionally hidden, though it's certainly a pain to
find.

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com