PGP 5.x and GnuPG

Frank Tobin
Thu, 16 Mar 2000 23:00:03 -0600 (CST)

Hash: SHA1

Trevor Smith, at 11:26 -0400 on Fri, 17 Mar 2000, wrote:

> >The reason is mainly the v3 vs. v4 key types. Note that PGP5 is not
> >OpenPGP compliant.
> Weird. Doesn't the OpenPGP RFC start by saying that OpenPGP is a
> proposed standard based on PGP 5.0? How did PGP5 manage not to comply
> with the RFC based on it?
The v3 keys that PGP5 and earlier created are vulnerable to certain attacks. That is the reason they are now deprecated. In the RFC there are SHOULD's and MUSTS. From the RFC, 5.5.2: "OpenPGP implementations SHOULD create keys with version 4 format. An implementation MAY generate a V3 key to ensure interoperability with old software; note, however, that V4 keys correct some security deficiencies in V3 keys. These deficiencies are described below. An implementation MUST NOT create a V3 key with a public key algorithm other than RSA." You might be interested in browsing the section of the RFC entitled "Implementation Nits": - -- Frank Tobin "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - iEYEARECAAYFAjjRu90ACgkQVv/RCiYMT6OwqQCfc4klzWH0Ft3fztBQOVyVJAR3 Gv4AmQEwvyhK7fCR5QtnVRQxwaYmbx+X =ayij -----END PGP SIGNATURE-----