effects and incompatibilities between GPG1.0.6 and PGP CKT 06

Graham graham.todd@ntlworld.com
Sun Jul 8 20:27:01 2001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there, pplf,

On 08 July 2001, I received the following message from you regarding
"effects and incompatibilities between GPG1.0.6 and PGP CKT 06"


> 

> > I'm surprised by that because the CKT builds of PGP

> > have been around to my knowledge since PGP 5.x and

> > Imad is both well respected and well known in

> > Windows circles.

> 

> The CKT versions have been created to allow big keys (RSA 16k bits) and

> some others customisations.


This may have been the reason the early ckt builds were built, but it
is not the main reason now and although you CAN create big keys the
documentation now warns against it.

> 

> For info, PRZ has asked PGP users to not use these CKT versions for

> compatibility reasons.


PRZ asked that big keys not be used and warned against the use of
experimental code, he did not specifically state that CKT builds
should not be used.  In fact your own quote goes on:

QUOTE
This is part of the reason
why we ask people not to release code changes on their own, but to send them
to us, so that we may incorporate some of them (if they seem like good ideas)
into our next product release.  That is how PGP enhancements from the user
community have always been managed since PGP source code was released in
1991.
END QUOTE

but PGP 6.5.8 is no longer supported by NAI.  Those of us who use
e-mailers other than those for which NAI has written plug-ins are
forced to use PGP 6.5.8, but PGP 6.5.8ckt has security enhancements
and additional algorithms incuded and sharpen up the code.  There is
no "next product release" for us and until NAI issue the SDK for PGP
7.x.x I will happily use PGP 6.5.8ckt

> 

> I am not sure that the CKT versions are considered as "respected

> versions" by all the GnuPG / PGP users...


That's a sweeping statement.  Certainly some GnuPG/PGP Users might not.
But the PGP-Basics group at Yahoo, does (where people are abandoning
PGP 7.x.x for PGP 6.5.8ckt), and the Becky Users PGP Forum does, both
of which I moderate

I am happy to debate this  forever, but I think its getting a bit OT. 
My earlier point has not been answered: how about inviting Imad into
the OpenPGP WG where we can all benefit from his input?

- -- 
Graham <graham.todd@ntlworld.com>

Please use my PGP/GnuPG Key ID: 0xE935DB9D

Written on 08 July 2001 19:05:20
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: Powered By Becky!2

iD8DBQE7SKWXIwtBZOk1250RAnEKAKCd/f6gzWoOZtZFZCYhpBv7PK5QwQCg+SDW
kfweJJMa3O/HrpZANODQlbE=
=0kw7
-----END PGP SIGNATURE-----