GPG and PGP

David Shaw dshaw at jabberwocky.com
Tue Mar 15 15:34:47 CET 2011


On Mar 15, 2011, at 10:17 AM, Johan Wevers wrote:

> Op 15-3-2011 14:19, Aaron Toponce schreef:
> 
>> 1. The U.S. patent expires for IDEA on January 7, 2012.
> 
> I propose to include the IDEA module then in GnuPG 1.4.12 and 2.2.(then
> current + 1), just like the extra version that came out when the RSA
> patent expired.
> 
>> 2. IDEA has already been succeeded by IDEA NXT, another patented
>> algo.
>> 3. Both IDEA and IDEA NXT don't meet the rigor of many of today's
>> open algos.
> 
>> So, if you ask me, I don't see the need to support even the
>> capability of a module with GnuPG. PGP 2 is long since dead, and
>> anyone still using IDEA for whatever reason, should migrate to more
>> robust, secure and open algos.
> 
> I disagree. People might still need access to encrypted archives and old
> keys with significant weight in the WoT might still be around. Further
> pgp 2.x format can still be used with software like Mixmaster remailer.

While I'm no great fan of 2.x v3 keys, I agree with this, and would like to see IDEA included once the various patents expire.  PGP 2.x was used for a long time, and there is a lot of encrypted material out there, at least some of which is still needed.  I wouldn't put it in the default preferences or anything like that, but just having the cipher present would be a kindness to long-time PGP users.

(I know that IDEA is a possible cipher for v4 keys as well, but given that PGP made it a non-default to use IDEA in v4, and given that GPG never supported IDEA without a special plugin, a v4 key using IDEA is rare).

David




More information about the Gnupg-users mailing list