FW: [PGP-USERS] Re: ADK Bug: Statement from cert.org.
Fri, 25 Aug 2000 11:23:25 +0100
> -----Original Message-----
> From: Werner Koch [mailto:firstname.lastname@example.org]
> Sent: 25 August 2000 11:14
> To: Simpson, Sam
> Cc: email@example.com; firstname.lastname@example.org;
> email@example.com; NyteRyderZ@hotmail.com
> Subject: Re: [PGP-USERS] Re: ADK Bug: Statement from cert.org.
> [Sam, feel free to forward this to the PGP list - I am not subscribed]
> On Fri, 25 Aug 2000, Simpson, Sam wrote:
> > GPG already won't encrypt to ADK keys so it's a good
> alternative and I have
> > every confidence that Werner Koche is currently working on
> a version of GPG
> > that is at anti-ADK as possible. This won't help existing
> NAI/PGP users
> I can't do much more than to ignore ADK, which was easy because I
> didn't know the format of this packages (I did some investigations
> today and GnuPG should now be able to *list* them using the
> --list-packets command). I don't think that it makes sense to issue a
> warning "ADK key ighnored" when a recipient has an ADK key - this may
> just confuse users more.
> > implement a clean, simple and non complex mail security
> standard rather than
> > producing a v5 specification that forces implementers to
> jump through more
> > hoops for the sake of backwards compatibility. Werner:
> what's your take on
> > the best way forward?
> The current OpenPGP specification together with the proposed MDC
> feature (which is a countermeasure against the Katz/Schneier attack on
> all email encryption protocols) is a reasonable and working standard.
> We should try to get this one to IETF draft status as soon as
> possible. We have already reserved identifiers for the AES and we can
> probably easy agree on a DSA using SHA-2 without running through the
> whole RFC process.
> Werner Koch GnuPG key: 621CC013
> OpenIT GmbH http://www.OpenIT.de
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org