The problem is not the use of the program (indeed, I haven't run pgp
2.6 in ages, I've been running pgp6). The problem is all the data
encrypted using old keys and algorithms.
I've got thousands of messages encrypted in my PGP2 RSA key using IDEA
and MD5. Frankly, I don't want to go through my mail and re-encrypt
all those messages using OpenPGP encryption -- I want to just be able
to read those messages in the future.
Admittedly, if there were a tool I could use that would do the
re-encryption for me I might consider it, but I have no inclination to
write such a tool at this moment. However, this means that I will
always run a version of PGP that can read those messages. If RSA,
IDEA, and MD5 are not available algorithms, that's a clue to me that I
shouldn't upgrade.
-derek
pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz (Peter Gutmann) writes:
In that case they can use an OpenPGP version (in fact I would hope that a
business isn't still using 10-year-old DOS-based software in their commercial
operations). I would imagine that most people still sticking to PGP 2.x are
doing so because they've used it for years and are comfortable with it, and by
extension would be individual users who fall under the free-use terms. It
seems like a bit of a non-issue to me - as Derek said, make it a MUST NOT
generate 2.x-style keys but SHOULD still support the message format, that'll
have the required effect.
Peter.
--
Derek Atkins
Computer and Internet Security Consultant
derek(_at_)ihtfp(_dot_)com www.ihtfp.com