encrypting and signing for pgp2

Werner Koch wk@gnupg.org
Tue, 13 Jul 1999 19:22:25 +0200


Holger Schurig <holger@holger.om.org> writes:


> Hmm, I just wonder what would in the end be better in case of speed,
> integration and even security: having the functionality outside GnuPG or
> inside GnuPG?
It is just code complexity. Some changes are easy to do (adding an option every 2 days :) and the possible damages are easy to identify. The patches Remi proposed are much complexer as they change the logical control flow of the program and doing this (and maintaining) is quite a bit of work. PGP 2 has some design flaws and that is why there is a new standard which tries to solve this. We should not keep the old message structures alive for ever (especiall creating them) or we will never get rid of them. (The IBM PC has serious design flaws and the kernel hackers are still (after more than 15 years) required to add and maintain code for these old systems - spending this time on other task would be better.)
> On the other side: I don't see much point why GnuPG became much more pgp2
> compatible with 0.9.8 when the goal is not full compatibilty. That's a
I try to keep verification and decryption of pgp 2 message working as there are a lot of PGP 2 signed documents around. -- Werner Koch at guug.de www.gnupg.org keyid 621CC013