Can't compile RSA / IDEA under Windows

Michel Bouissou michel@bouissou.net
Wed, 6 Sep 2000 13:42:38 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner Koch wrote:


> > So, how could the IDEA / Windows version be solved ?
>
> Wait until 2007.
Am I right understanding your statement as meaning that making GnuPG compatible with the most trusted and original versions of PGP is of absolutely no interest to you ? Well, I have the feeling that a big lot of PGP users and free crypto supporters wouldn't share this point of view. On the opposite, many people seem to consider that the success and diffusion of GnuPG will be very closely related to its ability of being easily compatible with existing versions of PGP, and existing PGP keys, on the most common platforms. If GnuPG wants to be considered as a serious alternative to PGP and a possible replacement for it, it *has* to put compatibility on the top of its priorities-list.
> Or go and fix PGP 2 to use CAST5 instead of IDEA - it should be not
> that comlicated. Well, there is still the problem with PGP2's ugly
> way of storing signatures.
Asking to "go fix PGP 2" is pure nonsense. Are you speaking seriously ? The way PGP 2 stores signatures may be ugly -- or may not. But one cannot ignore the fact that PGP 2 was there *years* before GnuPG and has become so largely trusted that it has become a de facto worldwide standard. The interesting article "Replacing PGP 2.x with GnuPG" from Kyle Hasselbacher, available at http://www.gnupg.org/gph/en/pgp2x.html clearly shows that GnuPG is intrinsically capable of being compatible with PGP 2.x, but that the choice of making it easy has not been made. It would probably be quite trivial to add some options like - --compat-PGP26x or --compat-PGP5x that would set GnuPG operations accordingly, rather than having to do some kind of puzzle work trying to combine the individual existing esoteric options such as --rfc1991 or --force-v3-sigs --s2k-* or --cipher-algo --compress-algo - --digest-algo . These options are interesting for specialists, but are definitely not usable for the average user that would simply like to encrypt a message that would be readable for a PGP2 user. Furthermore, the messages that GnuPG displays when using RSA keys or the IDEA algorithm, stating these are "deprecated" or "obsolete" and advising the user to "upgrade" are clearly partial. RSA and IDEA may be encumbered with patent issues (soon to be solved for RSA), these issues do not make these algorithms "deprecated" nor "obsolete" nor less trustable than DH/DSS or CAST5. Therefore, displaying such messages is a partial choice based on personal opinions and not technical facts. It would be great if GnuPG could get rid of these little issues, because it would immediately make it a very serious challenger to PGP, and would help for its large diffusion. I wish this message can be understood not as being a personal attack, or any attempt to start flamewars, this really not being in my intention. I only wanted to make clear features that a *lot* of current PGP users currently expect from GnuPG, in the hope that such demands will be heard. Best regards. Michel Bouissou <michel@bouissou.net> PGP DH/DSS ID 0x5C2BEE8F -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> Comment: Corrigez le bug PGP ADK. Installez PGP 6.5.8 ou superieur. iQA/AwUBObYfm47YarFcK+6PEQJejwCgsqgdr8oOK9o3VwXo+LT5KBlr5hMAni1C 26x4ScNQrZeIBS4LXv+4cE4F =TXZP -----END PGP SIGNATURE----- -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org