Detecting PGP 2.6.x keys
David Shaw
dshaw at jabberwocky.com
Fri Sep 17 02:34:56 CEST 2004
On Fri, Sep 17, 2004 at 12:00:02AM +0200, Johan Wevers wrote:
> David Shaw wrote:
>
> >It's not just that the person with the PGP 2.x key must have IDEA -
> >it's that people with OpenPGP might not. Take this case: User A has a
> >PGP 2.x key. User B has an OpenPGP key. In an effort to accomodate
> >user A, you encrypt using IDEA. However, user B does not have IDEA.
> >By trying to be backwards compatible with user A, you accomplish
> >locking out the modern user B.
>
> Well, modern user B should then find an IDEA module or compile it in.
Why should he? In most of the world he can't even use IDEA legally
without a licence. This isn't his problem (over 90% of the userbase).
This is user A's problem (less than 10% of the userbase).
In any event, this is not a useful suggestion. When working on GnuPG,
I have to follow the OpenPGP standard. There is absolutely no
requirement in OpenPGP that a client supports IDEA, and therefore I
cannot assume that a client supports it either.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
Url : /pipermail/attachments/20040916/8a9db36d/attachment.bin
More information about the Gnupg-users
mailing list