Can't compile RSA / IDEA under Windows
Mark H. Wood
Wed, 6 Sep 2000 08:39:14 -0500 (EST)
On Wed, 6 Sep 2000, Michel Bouissou wrote:
> Werner Koch wrote:
> > > So, how could the IDEA / Windows version be solved ?
> > Wait until 2007.
> Am I right understanding your statement as meaning that making GnuPG
> compatible with the most trusted and original versions of PGP is of
> absolutely no interest to you ?
I think he's saying that forcing GPG users in many countries to choose
between breaking the law and waiting seven years for their next GPG
upgrade is of absolutely no interest.
> Well, I have the feeling that a big lot of PGP users and free crypto
> supporters wouldn't share this point of view.
> On the opposite, many people seem to consider that the success and
> diffusion of GnuPG will be very closely related to its ability of
> being easily compatible with existing versions of PGP, and existing
> PGP keys, on the most common platforms.
This is true. Sadly, many cling to versions of PGP that are now nearly
FIVE MAJOR RELEASES OUTDATED. *Their* software is not RFC2440-compliant.
> If GnuPG wants to be considered as a serious alternative to PGP and a
> possible replacement for it, it *has* to put compatibility on the top
> of its priorities-list.
> > Or go and fix PGP 2 to use CAST5 instead of IDEA - it should be not
> > that complicated. Well, there is still the problem with PGP2's ugly
> > way of storing signatures.
> Asking to "go fix PGP 2" is pure nonsense. Are you speaking seriously
I took it seriously. The source is in the celebrated book. Go fix it.
[snip stuff on which I can't usefully comment]
> It would probably be quite trivial to add some options like
> --compat-PGP26x or --compat-PGP5x that would set GnuPG operations
> accordingly, rather than having to do some kind of puzzle work trying
> to combine the individual existing esoteric options such as --rfc1991
> or --force-v3-sigs --s2k-* or --cipher-algo --compress-algo
> --digest-algo .
> These options are interesting for specialists, but are definitely not
> usable for the average user that would simply like to encrypt a
> message that would be readable for a PGP2 user.
It sounds reasonable to have collective switches which implement
commonly-used combinations of more specialized options. This does nothing
about the legal issues, but it wouldn't hurt.
> Furthermore, the messages that GnuPG displays when using RSA keys or
> the IDEA algorithm, stating these are "deprecated" or "obsolete" and
> advising the user to "upgrade" are clearly partial.
> RSA and IDEA may be encumbered with patent issues (soon to be solved
> for RSA), these issues do not make these algorithms "deprecated" nor
> "obsolete" nor less trustable than DH/DSS or CAST5.
No, what makes the use of IDEA deprecated is this language in RFC2440:
[from section 18.104.22.168]
PGP 2.X always used IDEA with Simple string-to-key conversion when
encrypting a message with a symmetric algorithm. This is deprecated,
but MAY be used for backward-compatibility.
> Therefore, displaying such messages is a partial choice based on
> personal opinions and not technical facts.
If protocol specifications are not technical facts, then I wonder what
> It would be great if GnuPG could get rid of these little issues,
> because it would immediately make it a very serious challenger to
> PGP, and would help for its large diffusion.
I can't argue with that. However, only time or money will solve the
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
2000-05-05 13:27:15 GMT -- still no icebergs in the White River
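
The RFC 2440 passage quoted in the message above deprecates Simple string-to-key conversion. The following is an added example, not code from this thread or from GnuPG, showing why: Simple S2K derives the same key for every user of a given passphrase, while the Iterated and Salted specifier does not. The hash choices, the coded count of 96 and the salts are assumptions made for illustration.

```python
import hashlib

def simple_s2k(passphrase: bytes, key_len: int = 16) -> bytes:
    """Simple S2K (type 0): key = leftmost octets of H(passphrase).
    MD5 is assumed here, as PGP 2.x used it; 16 octets fits an IDEA key."""
    return hashlib.md5(passphrase).digest()[:key_len]

def decode_count(coded: int) -> int:
    """Expand the one-octet coded count of the Iterated and Salted specifier."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded: int = 96,
                        key_len: int = 16) -> bytes:
    """Iterated and Salted S2K (type 3) with SHA-1 (hash choice is an assumption).
    Hashes salt+passphrase repeatedly until `count` octets have been fed in."""
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 octets")
    if key_len > hashlib.sha1().digest_size:
        raise ValueError("multi-context key extension is not implemented here")
    block = salt + passphrase
    remaining = max(decode_count(coded), len(block))  # always hash block once
    h = hashlib.sha1()
    while remaining > 0:
        chunk = block[:remaining]
        h.update(chunk)
        remaining -= len(chunk)
    return h.digest()[:key_len]

def compare(passphrase: bytes) -> dict:
    """Derive keys for two hypothetical users who picked the same passphrase."""
    salt_a, salt_b = bytes(range(8)), bytes(range(8, 16))  # constructed salts
    return {
        "simple_a": simple_s2k(passphrase),
        "simple_b": simple_s2k(passphrase),
        "salted_a": iterated_salted_s2k(passphrase, salt_a),
        "salted_b": iterated_salted_s2k(passphrase, salt_b),
    }

if __name__ == "__main__":
    for name, key in compare(b"constructed sample passphrase").items():
        print(f"{name}: {key.hex()}")
```

With Simple S2K a single precomputed dictionary of hashed passphrases applies to every message, whereas the salt forces a separate computation per message and the count multiplies the cost of each guess.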