Ian Grigg <iang(_at_)systemics(_dot_)com> wrote:
Options have been on my mind lately. More than anything else,
sparked by the 2.6 versus 5.x issue.
3. A compatible 2.6 / 5.x method arises, so all product can handle
all comms. This would migrate people over to the new methods more
quickly, perhaps within 2 years.
4. Two separate standards opposed around some axis ...
(I am beginning to wonder myself whether this is inevitable, due to
the slow upgrade represented by the pure 5.x line ...
We should remember that standards might be written by WGs and
authorised by quango-like administrators, but they are accepted by
users. The success of any standard that this WG produces will not
be known for many years, and will be dictated by market reactions
to it and other factors.
I believe that most users would be willing to migrate from their
current 2.x version to a new version (say 2.6.5, to include the magic
"5") which had
(1) a DOS-like interface identical to 2.6.3in, but with support for
the additional algorithms of 5.x (SHA1 and DSA, EG, CAST5, 3DES);
(2) with key generation extended by optional additional parameters
to specify these algorithms (somewhat like PGP 5.5's choices);
(3) with defaults for these additional parameters set in pgp.ini for
existing programs which shell to PGP to generate keys.
The major problem with migration to PGP 5.x is not the additional
algorithms; it is the limited integration of the PGP 5.x clients with
existing platforms and tools. PGP 2.x works on 80286s and up, on
palmtops, and on virtually any other machine's DOS emulator. It
works with the remailers and nymservers and steganography tools and
everything else which people use today to protect themselves from
prying eyes. It integrates into a wide variety of mail and news
clients through PGPclick and many other support tools.
If I were going to do create this 2.6.5 version, I would start with
Lutz' 2.6.3in as the base, and add the necessary algorithms and key
flags and pgp.ini parameters. In addition to the source, I would
produce both RSAREF-based and non-US/Canada executables for DOS PCs,
so that the majority of users (who don't have the necessary
compilation tools) could do a simple download to upgrade. But I
don't have the toolset necessary to this task; perhaps those of you
who do could tackle the job.
Tom Phinney
PGP: pub 1024 RSA:0xFA7148F1 DSS/EG:0x8A297007 on keyservers