Frustration (forgive a FAQ please)

Jason Gunthorpe Jason Gunthorpe <jgg@ualberta.ca>
Sun, 26 Sep 1999 18:10:59 -0600 (MDT)


On Sun, 26 Sep 1999, Lazarus Long wrote:


> Please confirm I am reading this correctly. A couple of other mailing
> lists have been discussing the interoperability problems, and I do not
> want to be accused of spreading FUD. Anyone that rm's ~/.pgp/* will
> NEVER be able to write a pgp2 user? Is that the correct interpretation?
> Anyone that starts using crypto today, with gpg (as one would hope)
> will NEVER be able to write to a pgp2 user?
Sort of, maybe. It depends on what operation you are intedending to do. PGP2.x cannot handle OpenPGP (aka GPG, PGP5, etc) keys at all. If you are using such a key then you cannot sign or recieve encrypted messages from PGP 2.x users. I'm just going to guess that the problem you had in your last mail with the exact gpg incantation I gave was simply that you specified an OpenPGP key with the -r option.
> If I read the above correctly, that isn't accurate, and should be amended
> to read "only those gpg users who formerly used pgp2 and saved their
> old keyrings can communicate with pgp2 users."
For the most commonly used case of signing, yes. For encryption GPG will be able to use the other parties PGP2.x key.
> If the above is correct, please confirm this before I report elsewhere.
> (It appears to report negatively against gpg and I'd rather do the
> opposite if at all possible, but not at the expense of the truth.)
The change from PGP2.x key formats to OpenPGP key formats is not backwards compatible, any keys generated in the OpenPGP format are not supported by PGP 2.x. OpenPGP keys are generally superioir and in some respects more secure than PGP2.x keys.
> If the above is correct, are there plans to add to the gpg code so that
> gpg users (meaning those who installed it as their first-ever crypto)
> *are* able to write to pgp2 users? After all, the average newbie with
> a need to communicate with pgp2 users will be forced to choose pgp2 as
> their only crypto rather than gpg. (Presuming newbies will only choose
> to learn/run one crypto app.)
I hope not, PGP2.x should be killed off as quickly as possible. All new keys should be generated in an OpenPGP format. If you -must- do this then you can use PGP2.x for the key generation step. Jason