On 3/10/03 9:30 AM, "Derek Atkins" <derek(_at_)ihtfp(_dot_)com> wrote:
The problem is not the use of the program (indeed, I haven't run pgp
2.6 in ages, I've been running pgp6). The problem is all the data
encrypted using old keys and algorithms.
I've got thousands of messages encrypted in my PGP2 RSA key using IDEA
and MD5. Frankly, I don't want to go through my mail and re-encrypt
all those messages using OpenPGP encryption -- I want to just be able
to read those messages in the future.
Admittedly, if there were a tool I could use that would do the
re-encryption for me I might consider it, but I have no inclination to
write such a tool at this moment. However, this means that I will
always run a version of PGP that can read those messages. If RSA,
IDEA, and MD5 are not available algorithms, that's a clue to me that I
shouldn't upgrade.
Two small comments --
First, again, what's being discussed is deprecating, not dropping. It would
be a mistake to strand people, and there are ways to keep this from
happening. We've discussed a number of them here. The decision I'm looking
for is whether we should deprecate.
Second, as I have mentioned, in PGP Corp, we have effectively deprecated V3
keys on our own, pushing people to V4. There's more we can do (like taking
IDEA off the UI), but even if we were utterly radical and stopped generating
all V3 keys, we wouldn't stop decrypting messages with V3 keys. That's
ludicrous.
The people who don't have IDEA licenses and consequently don't have it now
would probably be the only ones who wouldn't do it after deprecating.
Deprecating is an official statement that no expansion should be made, and
contraction is good. It isn't dropping.
For example, for a long time in C, "=op" was allowed, but deprecated. (It
could be banned now, I don't know.)
If you wrote something like
i =- 1;
The compiler knew it was the same as
i -= 1;
But it would cluck its tongue at you and give you warnings about deprecated
features. I'm not suggesting there should be warnings, we should just start
making it clear that V3 keys are going away sometime between now and say
2010.
Jon