Detecting PGP 2.6.x keys
David Shaw
dshaw at jabberwocky.com
Fri Sep 17 00:11:02 CEST 2004
On Thu, Sep 16, 2004 at 03:56:14PM -0500, Aleksandar Milivojevic wrote:
> David Shaw wrote:
> >It's not just that the person with the PGP 2.x key must have IDEA -
> >it's that people with OpenPGP might not. Take this case: User A has a
> >PGP 2.x key. User B has an OpenPGP key. In an effort to accomodate
> >user A, you encrypt using IDEA. However, user B does not have IDEA.
> >By trying to be backwards compatible with user A, you accomplish
> >locking out the modern user B. The only really safe way to handle PGP
> >2.x users is to encrypt twice - once for the PGP 2.x people, and once
> >for everyone else.
>
> Let say somebody implements option in GnuPG so that user can choose to
> have GnuPG go into PGP 2.x compatible mode automatically if PGP 2.x key
> is used. And let say option would be turned off by default, so for all
> current GnuPG users there is no change in how GnuPG behaves.
It is always possible to add yet another feature to try and work
around the fundamental incompatibilities between PGP 2 and OpenPGP.
The problem with this is where does it stop, and how many people does
this benefit? Given that the overwhelming majority of people don't
use PGP 2, this is a simple calculation. Better to spend that
valuable development time on something that is usable by more people.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
Url : /pipermail/attachments/20040916/c0698833/attachment.bin
More information about the Gnupg-users
mailing list