On Wed, 10 Mar 2004 08:59:52 -0800 Ian Grigg <iang(_at_)systemics(_dot_)com>
wrote:
Florian Weimer wrote:
David Shaw wrote:
I'm all in favor of ignoring PGP 2 completely.
Gets my vote as well.
Keep in mind that PGP 2 is unsupported software with known security
flaws and rather unclear licensing conditions.
Also, small user base, and rather
expensive development ramifications.
PGP 2 was good when it was good, but
I think it's time to move on.
even as a long-time dedicated pgp 2 user,
i sort-of have to agree with all of you here ;-(
those of us who still want/insist on using pgp 2,
will continue to do so,
(and not as small a group as you imagine,
especially if you count all the remailers),
and don't really care about any of the open-pgp specs,
as it doesn't affect pgp 2 to pgp 2 usage
(i recently had an experience where i sent a signed and encrypted pgp
message to someone
{a fairly well known academic cryptographer who uses *only* pgp2.x, }
who sent my message back, unread, because the version line was later
than 2.x, with a note to re-send it in 2.x, even though the message was
*completely* 2.x compatible )
it is unfair to have Open-PGP standardizers and developers, bend over
backwards to accommodate pgp 2.x for users who don't really need or appreciate
it,
and whose crypto usage will remain largely un-affected,
while hindering advancements that might benefit everyone else ...
{that said, many of us are still holding on to our v3 keys,
at least till all the subkey signing issues are resolved ;-) }
vedaal
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427