There are also existing applications like the time stamper in England,
automated keyservers, mailer add-ins, and anonymous remailers which use
the 2.x formats, so the 'installed base' is more than just individual
users.  

The point about old computers is particularly apt, and there are
mini-OSes like picoBSD and so forth which could support the older
versions, ssh, and a terminal program, all from a floppy.

Timestamper URL:
http://www.itconsult.co.uk/stamper.htm

On Thu, 3 Aug 2000, Arnold G. Reinhold wrote:

> Another reason for PGP 2.x compatibility is that there are a lot of 
> old computers out there that will not run more modern versions. Many 
> of these machines find their way into 3rd-world countries and NGOs 
> where there is a life-and-death need for security.
> 
> Also there is an argument that these old machines are significantly 
> more secure than new equipment. The real threat to PGP security is 
> clandestine software that captures and leaks your secret key. 
> Bloatware (30-50 million lines of code in Windows 2000) has made any 
> kind of independent OS security checking nearly impossible.  BIOSs 
> and CPU firmware have also grown enormously and offer room for all 
> sorts of mischief. An old 68000 Mac or 8086 PC with no hard drive is 
> a lot more trustworthy in my opinion, and can make a very effective 
> crypto box.
> 
> Arnold Reinhold
> 
> 
> At 3:58 PM -0400 8/3/2000, Derek Atkins wrote:
> >The problem is not necessarily in getting users of PGP 2.x to upgrade.
> >That will happen on its own.  The problem is that users of PGP 2.x
> >have old keys and, worse, old DATA that is encrypted and signed in the
> >PGP 2.x formats using the PGP 2.x algorithms.
> >
> >The point is not to be able to create new messages that older
> >implementations can read (although I certainly wouldn't complain if
> >that actually happened).  Rather, the point is to be able to access
> >all that old, encrypted data.  I still use PGP 2.6 because I have
> >years worth of data encrypted and signed using PGP 2.6 formats, and I
> >don't want to lose the information.  Some of the information is signed
> >by OTHER people, so just decrypting and re-encrypting isn't
> >sufficient.
> >
> >-derek
> >
> >Frank Tobin <[EMAIL PROTECTED]> writes:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Adam Back, at 12:01 -0400 on Thu, 3 Aug 2000, wrote:
> >>
> >> > I beg to differ.  The fastest way to get people to upgrade is if the
> >> > new version works with the old version.  There are still many pgp2.x
> >> > users who don't upgrade because they then lose the ability to
> >> > communicate with other 2.x users.
> >>
> >> > Your proposal just perpetuates the problem.
> >>
> >> My proposal is realistic in the face that RFC 2440 is the standard to
> >> follow.  One problem that people face today is that they still only think
> >> there are 3 real classes of PGP implementations out there; PGP 2.x, PGP
> >> 5.x and above, and GnuPG.  However, as more and more implementations
> >> arise, the need for RFC 1990 users to abandon their implementations will
> >> become more obvious.
> >>
> >> People also think that the only difference between 2.x and OpenPGP
> >> implementations is the algorithms used.  Key formats have changed, the
> >> message format has changed, compression algorithms, and a host of other
> >> changes.  To think that maintaining compatibility is as simple as plugging
> >> in RSA and IDEA is ridiculous.
> >>
> >> Look at signed messages posted to BugTraq, or other widely-known lists. 
> >> The signatures are all made by OpenPGP-compatible implementations.  I would
> >> argue the pressure should be placed on 2.x users, not blaming PGP Inc. or
> >> GnuPG or the rest.
> >>
> >> > The GNU ethic about not using IDEA, is counterproductive; that just
> >> > means more people use IDEA, because they can't upgrade because it
> >> > won't work if they do.
> >>
> >> (while this paragraph does not make much sense to me, I'll try to reply)
> >> Irregardless, the GNU ethic is about creating and promoting Free(tm)
> >> software.  Period.  Any usage of IDEA would go contrary to it.
> >>
> >> - --
> >> Frank Tobin                http://www.uiuc.edu/~ftobin/
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.0.2 (FreeBSD)
> >> Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
> >>
> >> iEYEARECAAYFAjmJnGwACgkQVv/RCiYMT6MwsACfbw27PLFXn8hJ/0WmoeMqpDlg
> >> be0AmgMLaZ7sCODr8DohZar0/qzJEwQt
> >> =91f9
> >> -----END PGP SIGNATURE-----
> >>
> >>
> >
> >--
> >       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >       Member, MIT Student Information Processing Board  (SIPB)
> >       URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
> >       [EMAIL PROTECTED]                        PGP key available
> 
> 
> 

