Hello,
I'm calling myself a "newbie" with regards to PGP/GPG even though I've through
my own
ignorance and incompetence orphaned keys back as far as September 1997. One day
my brain may, if I am lucky, reconnect with their corresponding passphrases so
that
I can revoke them. I'm guessing there is a very large number of orphaned keys
in the PGP universe.
I've read about PGP in Chey Cobb's "Cryptography for Dummies" and PGP/GPG in
Michael W. Lucas'
"PGP & GPG: email for the practical paranoid". Also, I've used gnupg.pdf as a
reference but have
yet to digest all of its 148 pages.
I live under the cloud of the virus a.k.a. Windows [XP, Vista, Server 2003,
Server 2008].
gpg (GnuPG) 1.4.9
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),
AES256 (S9), TWOFISH (S10)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)
Although there are GUI environments available, for the present, I am sticking
with GnuPG and its
various command line tools until I understand them sufficiently to warrant
investigating GUI tools.
The former MIT GUI distribution never integrated very well with Outlook
Express, at least,
that was my experience. This is a second reason why I prefer command line
tools.
QUESTION # 1: There seems to currently exist TWO forces in the PGP universe:
(a) GPG -- GnuPG (OpenPGP initiative)
(b) PGP -- PGP Corporation.
To what extent are their goals aligned? More
specifically, since (b) is a corporation
which is driven by the profit motive and (a) would
like to make a reasonable living
but is likely more open than the average corporate
culture, it's likely more in the
interested of (b) to succeed in being universal
but not too universal, i.e., to some
degree, (b) could grab more market share by being
somewhat proprietary.
OTOH, it's possible AFAIK that (a) could not
succeed without being 100%
compatible with (b).
QUESTION # 2: I have looked at http://www.biglumber.com/ ...
http://biglumber.com/x/web?va=1:
"Total of 3190 listings (3107 people [442 with
images], 83 events) in 79 countries and 1144 cities."
613 listings are expired; even if the 613 listings
are NOT part
of the 3190 listings, "biglumber" is not very much
in use.
http://pgp.mit.edu/ has been around for many
years. It's possibly a better
indicator of how many keys their are ... sadly, it
does not appear to offer
much in the way of statistics. OTOH, I almost
never receive even PGP
signed e-mails. I spoke with a senior I.T. person
recently who was
not even aware of PGP technology.
To what extent is GPG/PGP technology being used by
e-mail users?
I'm guessing it must be less than 1% based on the
many 1000's of
e-mails that I have received each month over the
last decade.
I'll have more questions and I hope comments that you'll find useful later.
Thank you for your opinions.
Regards,
Gerry (Lowry)