New PGP signatures
Could I humbly request that people don't post the new (SHA?) PGP signatures to the list for the time being as it's a pain in the ass for those of us outside the US who don't yet have the ability to read them. PGP 2.6.x error handling doesn't know what to do with them and it breaks our mail-processing code. Mark
| Could I humbly request that people don't post the new (SHA?) PGP | signatures to the list for the time being as it's a pain in the ass for | those of us outside the US who don't yet have the ability to read them. | PGP 2.6.x error handling doesn't know what to do with them and it breaks | our mail-processing code. Better yet, could PGP release source code so those of us not lucky enough to own a Mac, Windows, or other supported platform can move ahead with porting? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Mark Grant wrote:
Could I humbly request that people don't post the new (SHA?) PGP signatures to the list for the time being as it's a pain in the ass for those of us outside the US who don't yet have the ability to read them. PGP 2.6.x error handling doesn't know what to do with them and it breaks our mail-processing code.
Mark
Well, I still use my RSA key for all signings and encryptions since about 85% of PGP users don't use the new Diffie-Hellman keys, and some asshole forgot to make PGP 5.0 freeware RSA key-generating. Luckily I can still use my RSA key. Plus, some assholes didn't take into account that not everyone uses Windoze95/NT 4.0 or Macintrash, and didn't make one yet for Unix or OS/2 or DOS or Windoze 3.1 users. My friend still uses 3.1 and I have to use my RSA key to talk to him. I hope you guys with the international PGP get to use 5.0 soon. It's really nice, all things about it excluded.
bennett_t1@popmail.firn.edu wrote:
some asshole forgot to make PGP 5.0 freeware RSA key-generating
Okay, silly question here, but what's to stop someone from adding that capability once the source is available? (And if they knew they were going to publish the source, why not just add the capability in the first place?) -- Rick Osborne, <osborne@gateway,grumman.com> "Unbelievable! Even over the air waves, this Senator person eminates evil as if it were musk!" -- Gates, Legion of Superheroes
On Mon, 23 Jun 1997, Rick Osborne wrote:
bennett_t1@popmail.firn.edu wrote:
some asshole forgot to make PGP 5.0 freeware RSA key-generating
Okay, silly question here, but what's to stop someone from adding that capability once the source is available? (And if they knew they were going to publish the source, why not just add the capability in the first place?)
Because there is no reason for PGP to enourage people to generate new RSA/MD5 keys when MD5 is about to go downhill. The source is being scanned as we speak, UNIX versions will obviously be forthcoming soon, if you want to generate RSA keys, use PGP 2.6.2. Get a clue, --Lucky
On Mon, 23 Jun 1997, Lucky Green wrote:
On Mon, 23 Jun 1997, Rick Osborne wrote:
bennett_t1@popmail.firn.edu wrote:
some asshole forgot to make PGP 5.0 freeware RSA key-generating
Okay, silly question here, but what's to stop someone from adding that capability once the source is available? (And if they knew they were going to publish the source, why not just add the capability in the first place?)
Because there is no reason for PGP to enourage people to generate new RSA/MD5 keys when MD5 is about to go downhill.
They could have supported RSA/SHA if they wanted to. They also put 3DES and IDEA support as options in the manual (but not in the freeware or tryit versions that I can see). I hope the international generic version - after it is scanned and modified - has many useful "upward compatible" options which will refuse to interoperate with the commercial windows/mac version. And then someone can write an interoperability spec and the next version of everything will talk to everything else.
On Mon, 23 Jun 1997 tzeruch@ceddec.com wrote: [On PGP switching to SHA-1/ElGamal]
They could have supported RSA/SHA if they wanted to. They also put 3DES and IDEA support as options in the manual (but not in the freeware or tryit versions that I can see).
I guess suggestions such as the one above prove that CP is still attracting newbies. That's a good thing. Now if they only read the FAQ. The patents for DH (which cover the public domain ElGamal) expire this Fall. By using SHA-1/ElGamal, PGP is moving to a technology that will soon no longer require paying large sums of money to RSA for the use of a one-line mathematical formula. This is *a good thing*. --Lucky
On Mon, 23 Jun 1997, Lucky Green wrote:
On Mon, 23 Jun 1997 tzeruch@ceddec.com wrote:
[On PGP switching to SHA-1/ElGamal]
They could have supported RSA/SHA if they wanted to. They also put 3DES and IDEA support as options in the manual (but not in the freeware or tryit versions that I can see).
I guess suggestions such as the one above prove that CP is still attracting newbies. That's a good thing. Now if they only read the FAQ.
The patents for DH (which cover the public domain ElGamal) expire this Fall. By using SHA-1/ElGamal, PGP is moving to a technology that will soon no longer require paying large sums of money to RSA for the use of a one-line mathematical formula. This is *a good thing*.
PGP 5.0 is still covered by patents since it still has RSA in there to read old messages. Also (except for the legal pettifoggery), PGP is supposed to have licenses to RSA. I was speaking technically, not politically. If MD5 is broken, replacing MD5 with SHA1 is the fix. If my transmission is broken, I don't also need a new engine. The antecedent post mentioned the reason to change PGP was a technical flaw. My point (which echos the FAQ) is that there were other forces at work - legal and economic factors. So prepend "If all they were interested in was fixing TECHNICAL weaknesses in PGP " to my comment. If abandoning one standard and requiring the world to change to a radically changed incompatible new one is "a good thing", it is only because paying extortion is not, which is a sentiment I agree with. I do think it is a shrewd move, since now the worst thing RSA can do to them is not allow them to sell backward compatible versions in the US, were I in their position I would probably do the same thing. On the other hand, if PGP5+ messages are not covered by any licensing restrictions on the technology, then PGP5+ can be cloned (i.e. a fully interoperable version without any code from PGP inc.).
participants (6)
-
Adam Shostack -
bennett_t1@popmail.firn.edu -
Lucky Green -
Mark Grant -
Rick Osborne -
tzeruch@ceddec.com