Note: this is really politics and not RFC business - my apologies but something
of a sore point.
And free PGP users didn't deserve an eased upgrade path, but rather to forcibly
obsolete all their keys, signatures and web of trust in the new version?
Especially since the RSA-key Free PGP user base is where PGP Inc. made their
reputation and the size of that base is constantly cited to the IETF and in
press releases as PGP's "customer base". Don't be ridiculous. And watch who you
throw stones at--can you say "glass house"?
Am surprised at this posting as it seems to forget one major problem: RSA is
patented. I have been told repeatedly by PGP that one of the reasons they do
not offer a site license (nor a real personal license for that matter in the
sense of being authorized to operate on all solely-used computers) is a
requirement by RSA for a "per CPU" fee.
True, the "free" version may be exempt under the terms of the patent but
this has never been exactly clear. Do suspect that when PGP and Viacrypt
did their inverse triangular multibuyout which resulted in a common point
for both free and commercial versions that some of the clauses of the RSA
license began covering PGP Inc and thus the "free" version as well (do you
realize that there are fifty thousand lawyers in Florida alone ? Twice as
many Southern Bell yellow pages of attorneys as doctors and churches
Would be nice if RSA put the mechanism into the public domain but since they
reniged on the S/MIME components, I have doubts that this will happen.
Sounds like an opportunity for some programmer to create a "front end" to
determine which is being used and to invoke the correct version but this is
the reason that RSA (or any proprietary mechanism) should *never* be a MUST.