[Top] [All Lists]

Re: IDEA in v3-v4 conflict (was Re: OpenPGP at IETF-59 Draft Minutes #1)

2004-03-10 11:02:42

On Wed, 10 Mar 2004 08:59:52 -0800 Ian Grigg <iang(_at_)systemics(_dot_)com> 

Florian Weimer wrote:
David Shaw wrote:

I'm all in favor of ignoring PGP 2 completely.

Gets my vote as well.

Keep in mind that PGP 2 is unsupported software with known security
flaws and rather unclear licensing conditions.

Also, small user base, and rather
expensive development ramifications.

PGP 2 was good when it was good, but
I think it's time to move on.

even as a long-time dedicated pgp 2 user,
i sort-of have to agree with all of you here ;-(

those of us who still want/insist on using pgp 2, 
will continue to do so,
(and not as small a group as you imagine,
especially if you count all the remailers),
and don't really care about any of the open-pgp specs,
as it doesn't affect pgp 2 to pgp 2 usage

(i recently had an experience where i sent a signed and encrypted pgp
message to someone
{a fairly well known academic cryptographer who uses *only* pgp2.x, }
who sent my message back, unread, because the version line was later
than 2.x, with a note to re-send it in 2.x, even though the message was
*completely* 2.x compatible )

it is unfair to have Open-PGP standardizers and developers, bend over
backwards to accommodate pgp 2.x for users who don't really need or appreciate
and whose crypto usage will remain largely un-affected,
while hindering advancements that might benefit everyone else ...

{that said, many of us are still holding on to our v3 keys,
at least till all the subkey signing issues are resolved ;-) }


Concerned about your privacy? Follow this link to get
FREE encrypted email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program: