Interoperability

Leigh S. Jones, KR6X kr6x@kr6x.com
Mon May 6 20:02:01 2002


I hope very strongly that Mr. Zimmerman will find disagreement,
but at this point in time I have come to the conclusion that it is
unwise to take interoperability with PGP as a serious issue
moving into the future.  Certainly there are users of PGP who
will not change or upgrade.  But indications are that PGP will
die out and leave GnuPG as the only serious tool for encryption
and digital signatures.

Now, don't misunderstand me.  I realize that there are numerous
tools that have been developed for cryptography, in fact
hundreds have been through the validation process:

http://csrc.nist.gov/cryptval/dss/dsaval.htm#dsavallist

This is the list for digital signatures, there are others for the
cryptography validations.  But few of these have the public
attention that PGP and gpg have, perhaps because of price
issues.  And, Windows has a built-in capability that is largely
ignored because of the linkage between Windows encryption
and enterprises that charge for certificate signing and
certificate server services.

GnuPG is poised to dominate the field, and its developers
should consider the implications of creating the best possible
tool rather than the most compatible one.  The "idea" patent
has already set PGP and GnuPG widely apart from the
standpoint of interoperability, despite the promise of
compatibility that the OpenPGP standard presents.  Equipping
GnuPG with capabilities that extend its interoperability with
existing standards such as SHA-256 makes sense from the
point of view of interoperability, even if there is no support for
these standards in PGP7.1.

----- Original Message -----
From: "Simon Josefsson" <jas@extundo.com>
To: <gnupg-users@gnupg.org>
Sent: Monday, May 06, 2002 10:24
Subject: Re: Nullify's GnuPG 1.0.7 Release 2


> Werner Koch <wk@gnupg.org> writes:
>
> > On Sun, 5 May 2002 22:07:44 +0200 (MET DST), Johan Wevers said:
> >
> >> It might be usefull as a security measure. And interoperability
problems
> >> are not always an issue, however:
> >
> > I disagree.  Having only minor interop problems is a big advantage of
> > OpenPGP over S/MIME.  Don't let us get intothe S/MIME trouble.
>
> FWIW, very few of the S/MIME encrypted/signed mail I receive are
> broken, compared to maybe 1 out 20 for PGP.  Having three commonly
> used methods of embedding PGP in mail (and several more methods that
> are less commonly used) is probably one of the reasons.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>