Re: PGP GPG compatibility
Lucky Green writes: On Sat, 9 Feb 2002, Russell Nelson wrote: I think the only worthwhile way forward is to create a cryptographic email standard de novo, which is free of export, trademark, and patent problems. I believe such a standard already exists. It is called S/MIME. Best of all, this email encryption standard is supported out-of-the-box by the overwhelming majority of deployed MUA's in the world. Well, one of the things that PGP/GPG/OpenPGP got right is the web of trust model. Given that model, there is nothing preventing someone from imposing a certificate authority on top of that web. On the other hand, I know of know way to make S/MIME work without a certificate from an authority. -- -russ nelson http://russnelson.com | Crypto without a threat Crynwr sells support for free software | PGPok | model is like cookies 521 Pleasant Valley Rd. | +1 315 268 1925 voice | without milk. Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
Werner Koch writes: Things would get much better if a PGP 2 version with support for CAST5 would get more into use. [ etc. ] I know that you're working hard, Werner, but I believe that the recent few years have destroyed the PGP brandname. I think the only worthwhile way forward is to create a cryptographic email standard de novo, which is free of export, trademark, and patent problems. Date: Tue, 28 Nov 2000 21:22:18 -0500 (EST) To: [EMAIL PROTECTED] Subject: Is PGP broken? -- -russ nelson http://russnelson.com | Crypto without a threat Crynwr sells support for free software | PGPok | model is like cookies 521 Pleasant Valley Rd. | +1 315 268 1925 voice | without milk. Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On Sat, 9 Feb 2002, Russell Nelson wrote: X-UID: 139934 Werner Koch writes: Things would get much better if a PGP 2 version with support for CAST5 would get more into use. [ etc. ] I know that you're working hard, Werner, but I believe that the recent few years have destroyed the PGP brandname. I think the only worthwhile way forward is to create a cryptographic email standard de novo, which is free of export, trademark, and patent problems. I believe such a standard already exists. It is called S/MIME. Best of all, this email encryption standard is supported out-of-the-box by the overwhelming majority of deployed MUA's in the world. -- Lucky Green [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
[EMAIL PROTECTED] writes: Things would get much better if a PGP 2 version with support for CAST5 would get more into use. [ etc. ] On Sat, 9 Feb 2002, Russell Nelson wrote: I know that you're working hard, Werner, but I believe that the recent few years have destroyed the PGP brandname. I think the only worthwhile way forward is to create a cryptographic email standard de novo, which is free of export, trademark, and patent problems. On 9 Feb 2002, at 22:36, Lucky Green wrote: I believe such a standard already exists. It is called S/MIME. Best of all, this email encryption standard is supported out-of-the-box by the overwhelming majority of deployed MUA's in the world. However, to make it work, everyone needs to get officially blessed keys, and manage those keys. I believe it would be fruitful to separate the secure email message formats (S/MIME vs PGP/MIME, or perhaps CMS vs OpenPGP) from the key trust mechanism (PKI CA vs PGP web of trust). In theory I cannot see why one decision need to affect the other, they could be orthogonal issues. Perhaps by reading the relevant standards creatively, a mailer sending S/MIME messages but uses a OpenPGP implementation locally is already possible. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On Tue, 22 Jan 2002 16:28:17 +0100, Gilles Gravier said: Isn't it time GnuPG / PGP started offering AES as a standard algorithm? Since version 1.0.4 all keys are created with AES as top cipher preference. The snapshot version 1.0.6c allows to change preferences. If you encrypt to such a key and your application supports AES, it will be used. Ciao, Werner -- Werner KochOmnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions-- Augustinus - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On 20 Jan 2002 21:46:35 -0500, Derek Atkins said: Question: How many users of PGP 2.x are still out there? If people have upgraded to more recent versions, then it's not quite as bad. OTOH, I have successfully interoperated with PGP 2.6 fairly recently. Things would get much better if a PGP 2 version with support for CAST5 would get more into use. We can't officially support IDEA for patent reasons in GnuPG; the next release comes with a --pgp2 option to bundle all the options needed for pgp 2 cmpatibility and furthermore you will get a warning if a message can't be encrypted in a PGP2 compatible way. There is a pgp 2 version by Disastry (http://disastry.dhs.org/pgp) which support all OpenPGP defined ciphers. Werner -- Werner KochOmnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions-- Augustinus - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On Mon, 21 Jan 2002 16:02:07 +1300 (NZDT), Peter Gutmann said: There are already a number of S/MIME gateways which do exactly this. The most typical mode of operation is org-to-org, where all mail from an organisation is BTW, there is such a gateway for OpenPGP at ftp://ftp.gnupg.org/geam/ which can also be used for org-to-end-user etc. S/MIME support will come soon. Werner -- Werner KochOmnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions-- Augustinus - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
John Gilmore wrote: Brad Templeton has been kicking around some ideas on how to make zero-UI encryption work (with some small UI available for us experts who care more about our privacy than the average joe). That's an interesting article. I wrote Whisper (http://234.cx/whisper.php) as a different way of making crypto more usable. The idea is that you simply agree a pass phrase with the correspondent beforehand. You then encrypt your message with a small and hopefully bullet-proof program. It isn't innovative cryptographically, and that is the point -- hopefully it is simple enough that anyone with basic computer literacy can make it work. Of course the effect of Whisper is different to the zero-UI encryption. Whisper provides you with good security (subject to weak pass phrases and bugs), but you must agree a pass phrase beforehand. Zero-UI encryption is more vulnerable to active attacks on the network, but works with much less effort. One enhancement to the zero-UI model that I think might be worthwhile is automated key exchange ahead of the first message. So when Alice asks to email Bob, her computer first sends a message asking for Bob's key. When the reply is received, Alice's original message is taken out of the queue, encrypted and sent. This way the first message doesn't go across the network in the clear. If we don't want to add another round-trip time, we could make keys available from a key server. This would have the disadvantage that attackers could compromise the key server and replace the keys with false ones. However, this would be detected almost straight away if they could not modify communications going directly between Alice and Bob -- Bob would receive a message that he couldn't decrypt. Normally surveillance operations have to be kept secret so this kind of attack would be impractical. -- Pete - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
If you ask me GPG has as much to answer for in the non-interoperability problems with it's rejection of shipping IDEA with the default GPG as PRZ et al for deciding to not ship RSA. I tried arguing with PGP that if they wanted to phase out RSA use, the best way would be to support it: then more people would have upgraded to pgp5.x and started using new key types. Instead people continued to use PGP2.x in defense as it was the only thing which reliabily interoperated. It's understandable that PGP would have wanted to phase out RSA due to the trouble RSADSI caused with licensing of the RSA patent, but still the approach taken had predicatbly the opposite effect to that which they hoped to achieve. GPG on the other hand is simply wilfully damaging interoperability by putting their anti-patent stance over the benefit of PGP users. I know there are modules to add IDEA support but they're not shipped by default so most people don't use them. It seems that the result of GPG and PGP intentionally induced incompabilities has greatly reduced PGP use. I used to use PGP a lot, these days I use it a lot less, most uses induce all kinds of problems to the extent that most people resort to using plaintext. If the -pgp2 option implies that GPG will then ship with IDEA and that there is a way to request PGP2 compability that is a good step. However it should be possible to automatically select that option based on the public key parameters of the person you're sending to, which was if I recall the reason for the introduction of the new openPGP RSA format, so that a PGP2 generated RSA keys could be distinguished from openPGP keys, and compability could be maintained. Adam On Mon, Jan 21, 2002 at 09:35:24AM +0100, Werner Koch wrote: On 20 Jan 2002 21:46:35 -0500, Derek Atkins said: Question: How many users of PGP 2.x are still out there? If people have upgraded to more recent versions, then it's not quite as bad. OTOH, I have successfully interoperated with PGP 2.6 fairly recently. Things would get much better if a PGP 2 version with support for CAST5 would get more into use. We can't officially support IDEA for patent reasons in GnuPG; the next release comes with a --pgp2 option to bundle all the options needed for pgp 2 cmpatibility and furthermore you will get a warning if a message can't be encrypted in a PGP2 compatible way. There is a pgp 2 version by Disastry (http://disastry.dhs.org/pgp) which support all OpenPGP defined ciphers. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
Brad's point about writing encryption software for Windows, as you often write email to people who use Windows, so you know your email is safe on *both* ends, has merit, and if Windows was at all secure I'd agree, but... Another point about this type of zero-UI encryption is that you don't actually know if your email will be secure, or just sent in clear (if you have a flag to tell, it isn't zero-UI). A better idea is to minimise the UI, not bring it to zero. This has the disadvantage of making encrypted email less used, thus making encrypted traffic more of a target, but false security is worse than no security. I am writing m-o-o-t, which runs on a bootable CD and doesn't use Windows (OpenBSD based, same CD runs on PC's and Macs). You can only email another m-o-o-t user, though m-o-o-t does more than email. The email package is part of the system, and it doesn't allow even the stupidest or most intelligent user on either end to do anything insecure, within reason. It is transparent to the user except when needed, eg writing to a new correspondent (verify public keys) storing files (level of protection) or setting up (there are some things a new user must know). m-o-o-t will use something similar to Pete's message-keys-stored-on-a-server suggestion (actually DH keyparts), with the addition that the keyparts are signed. The 175-bit public signing key is included with every message, no long PGP strings, and I'm trying to convert the key to ascii art to make it more easily recognisable. Two shared keys are automatically and transparently set up for later communications, and the address book is updated. The shared keys are updated with each message. On a side note, there is no choice of cypher or protocol. The multiple cyphers and protocols used by PGP and GPG are the main cause of this thread! If encryption software writers can't decide which cypher to use they shouldn't be writing encryption software. As m-o-o-t is mainly designed for GAK resistance, all persistant keys (except some locally-used SFS keys) are used only for signatures. The use of persistant keys for encryption in both PGP and GPG make them unsuitable for GAK resistance, and if you haven't got GAK yet, you might get it someday, making all your present traffic insecure. -- Peter Fairbrother Pete Chown wrote: John Gilmore wrote: Brad Templeton has been kicking around some ideas on how to make zero-UI encryption work (with some small UI available for us experts who care more about our privacy than the average joe). http://www.templetons.com/brad/crypt.html That's an interesting article. I wrote Whisper (http://234.cx/whisper.php) as a different way of making crypto more usable. The idea is that you simply agree a pass phrase with the correspondent beforehand. You then encrypt your message with a small and hopefully bullet-proof program. It isn't innovative cryptographically, and that is the point -- hopefully it is simple enough that anyone with basic computer literacy can make it work. Of course the effect of Whisper is different to the zero-UI encryption. Whisper provides you with good security (subject to weak pass phrases and bugs), but you must agree a pass phrase beforehand. Zero-UI encryption is more vulnerable to active attacks on the network, but works with much less effort. One enhancement to the zero-UI model that I think might be worthwhile is automated key exchange ahead of the first message. So when Alice asks to email Bob, her computer first sends a message asking for Bob's key. When the reply is received, Alice's original message is taken out of the queue, encrypted and sent. This way the first message doesn't go across the network in the clear. If we don't want to add another round-trip time, we could make keys available from a key server. This would have the disadvantage that attackers could compromise the key server and replace the keys with false ones. However, this would be detected almost straight away if they could not modify communications going directly between Alice and Bob -- Bob would receive a message that he couldn't decrypt. Normally surveillance operations have to be kept secret so this kind of attack would be impractical. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On Mon, Jan 21, 2002 at 08:50:22PM +, Adam Back wrote: GPG on the other hand is simply wilfully damaging interoperability by putting their anti-patent stance over the benefit of PGP users. I know there are modules to add IDEA support but they're not shipped by default so most people don't use them. It seems that the result of GPG and PGP intentionally induced incompabilities has greatly reduced PGP use. I used to use PGP a lot, these days I use it a lot less, most uses induce all kinds of problems to the extent that most people resort to using plaintext. If the -pgp2 option implies that GPG will then ship with IDEA and that there is a way to request PGP2 compability that is a good step. I don't believe this means GPG will ship with IDEA. The new GPG does, however, make things terribly obvious at to what needs to happen to enable IDEA by printing out a URL for a web page that explains the whole situation when IDEA is needed but not present. I'm not sure if that web page currently has a link to download the IDEA plugin, but (IMO) it should. The --pgp2 option requests PGP2 compatibility. It causes no harm to leave it enabled all the time, in which case it effectively gives you this: However it should be possible to automatically select that option based on the public key parameters of the person you're sending to, With --pgp2 set, GPG will be PGP2 compatible if at all possible, and if the user insists on doing something that would render the message not usable by PGP2, it prints a message explaining what the user did that was not compatible and warns that the message will not be usable by PGP2. Either way, the message should still be usable with GPG and PGP 6 7, of course. I am very concerned with interoperability issues using GPG. If someone is having a particular problem, I'd love to hear it so I can at least try to do something about it (I wrote the --pgp2 option as well). David -- David Shaw | [EMAIL PROTECTED] | WWW http://www.jabberwocky.com/ +---+ There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. - Jeremy S. Anderson - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
These days, PGP is effectively useless for interoperable email. If you have not prearranged with the recipient, you can't exchange encrypted mail. And even if you have, one or the other of you will probably have to change your software, which will produce other ripple effects if you are trying to talk to TWO different people or groups using encrypted email. PGP compatibility problems started with Phil Zimmermann's deliberate decision to eliminate compatibility with RSA keys. Once that problem existed, disabling communication with anyone who used PGP before late 1997, nobody else seemed to mind introducing all sorts of lesser incompatibilities, including many mere bugs. Having wrestled with these problems for years, my guess is that we need to abandon PGP and spec something else, probably in the IETF. (Perhaps we might be able to shortcut that process if the OpenPGP standards effort actually produces many compatible implementations including NAI's, and/or if NAI falls apart and every other implementation meets the IETF specs.) Note, however, that there are many things that OpenPGP doesn't do, making encrypted email still a pretty sophisticated thing to do. Brad Templeton has been kicking around some ideas on how to make zero-UI encryption work (with some small UI available for us experts who care more about our privacy than the average joe). http://www.templetons.com/brad/crypt.html John - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
Actually, I've found it isn't quite that bad. Yes, there are some problems with some of the odd-man-out features. And yes, there are certainly problems that only get solved if users upgrade to PGP 6.5.8 or more recent versions of GPG. I will agree with your assessment of the origin of the problem. However I don't think it's quite as bad as you make it out to be -- I've been using PGP 6.5.8 successfully to talk to a few people. My biggest problem is that very few people actually use PGP. Question: How many users of PGP 2.x are still out there? If people have upgraded to more recent versions, then it's not quite as bad. OTOH, I have successfully interoperated with PGP 2.6 fairly recently. Then again, I still use my 1992-era RSA key (I should probably upgrade sometime soon). If all else fails, there is always S/MIME ;) -derek John Gilmore [EMAIL PROTECTED] writes: These days, PGP is effectively useless for interoperable email. If you have not prearranged with the recipient, you can't exchange encrypted mail. And even if you have, one or the other of you will probably have to change your software, which will produce other ripple effects if you are trying to talk to TWO different people or groups using encrypted email. PGP compatibility problems started with Phil Zimmermann's deliberate decision to eliminate compatibility with RSA keys. Once that problem existed, disabling communication with anyone who used PGP before late 1997, nobody else seemed to mind introducing all sorts of lesser incompatibilities, including many mere bugs. Having wrestled with these problems for years, my guess is that we need to abandon PGP and spec something else, probably in the IETF. (Perhaps we might be able to shortcut that process if the OpenPGP standards effort actually produces many compatible implementations including NAI's, and/or if NAI falls apart and every other implementation meets the IETF specs.) Note, however, that there are many things that OpenPGP doesn't do, making encrypted email still a pretty sophisticated thing to do. Brad Templeton has been kicking around some ideas on how to make zero-UI encryption work (with some small UI available for us experts who care more about our privacy than the average joe). http://www.templetons.com/brad/crypt.html John -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
John Gilmore [EMAIL PROTECTED] writes: Note, however, that there are many things that OpenPGP doesn't do, making encrypted email still a pretty sophisticated thing to do. Brad Templeton has been kicking around some ideas on how to make zero-UI encryption work (with some small UI available for us experts who care more about our privacy than the average joe). http://www.templetons.com/brad/crypt.html There are already a number of S/MIME gateways which do exactly this. The most typical mode of operation is org-to-org, where all mail from an organisation is routed through their corporate gateway anyway so it's a natural place to perform this operation. It works reasonably well, and is completely transparent to the end user (although org-to-org is rather easier to get going than end-user-to-end-user). The S/MIME WG has been working on a whole string of add-ons to basic S/MIME for handling this type of messaging, encrypted mailing lists, and assorted other useful stuff. Peter. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On Tue, 15 Jan 2002 17:25:15 -0800, Will Price said: above is as well. That's like saying, have you stopped beating your wife? I would encourage some objectivity on that. Huh? Go to the gnupg-users lists archive and search for PGP problems. You will notice a couple of reports wrt PGP 7.0.3 - this is what I have described. I have not the time to dig out the messages for you as too much of my time is already spend to cope with all those little PGP bugs. It is really an annoying job which does not get easier by the verbosity of PGP's error messages ;-) At least they still don't understand version 4 signatures on data packets (only on keys). I had in mind that this was fixed some time ago, but obviously this isn't the case. I'm fairly sure we support that in 7.1.0 and up. According to Len this was indeed fixed in 7.0 but it seems that it was dropped in later versions. I have not seen any message from 7.1. That's not the only problem with text mode signatures. International characters present an even larger challenge. Most of this is not RFC2440 - 5.9. Literal Data Packet (Tag 11) A Literal Data packet contains the body of a message; data that is not to be further interpreted. So there are no conversion issues here. Unless textmode is used - which IMHO should be dropped entirely for clearness of protocol layering. But we should not discuss it here. don't handle it well either. Going forward, UTF8 migration is likely to cause some growing pains for everybody. Not unlikely for Windows or KDE who are using UCS-2. It is a mystery to us as well what happened with that... We were ready to proceed, but we were not the organizer so it was out of our My feeling is that the proprietary vendors are not interested in OpenPGP due to the fact that S/MIME does better feed the PKI cash cow. Well the trademark PGP is a different story and probably good to sell other products. Ciao, Werner -- Werner KochOmnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions-- Augustinus - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On 3 Jan 2070, at 9:41, Nicholas Brawn wrote: What's the state of the game with PGP and GPG compatibility? Interesting question. I'm using PGP 6.5.8 for my professional confidential e-mails and sometimes I get complaints from GnuPG users saying they can't use my Pubkey. Currently I'm preparing an article on Internet security issues related to the businesses of attorneys-at-law and patent attorneys. In this context, it is already a hard job to promote usage of e-mail encryption, and such incompatibilities between various versions of PGP and GnuPG marke it even harder. Is there any URL available where I might get more detailed info? Thanks. Regards, Axel H Horns -- Patentanwalt Dipl.-Phys. Axel H Hornse-Mail [EMAIL PROTECTED] Web www.ipjur.com Voice ++49.89.30630112 Fax ++49.89.30630113 My PGP RSA Key ID = 0xD8433289 http://www.ipjur.com/pubkey.php3 PGP Pubkey Fingerprint C5D2 5E53 D241 4988 17E4 904D 9467 31BC - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On Sat, 3 Jan 1970 09:41:26 +1000, Nicholas Brawn said: What's the state of the game with PGP and GPG compatibility? According to the bug reports I receive for GnuPG, it seems that even the latest versions of PGP (7.0.3?) are still not OpenPGP compatible. At least they still don't understand version 4 signatures on data packets (only on keys). I had in mind that this was fixed some time ago, but obviously this isn't the case. There is a problem wrt text mode signatures: no agreement was found on what a line ending consists of. PGP translates a CR inside a line (well, what most non Apple programmers consider a line ending) into a CR,LF sequence for hashing. The proper solution is not to use textmode signatures except for cleartext signed messages. About two years ago we agreed on a way to implement MDC and defined new packet types for it. I did some tests with Hal Finney and it used to work. The OpenPGP draft was later changed to introduce key flags and use one to enable MDC mode. However, GnuPG uses MDC mode with all ciphers of a block length other than 64 bits (i.e. Twofish and AES*). The draft has still not been released as a new RFC so this may change again :-(. The flaw in the secret key protection mechanism was discussed for a short time but it seems that nobody is willing to continue with this. I made several suggestion on how to do it. Interoperability tests should have happened last summer but for unknown reasons they didn't. It is very sad to see that after 3 years we have not achieved to get OpenPGP into draft status :-(. Werner -- Werner KochOmnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions-- Augustinus - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
On Tue, 15 Jan 2002 09:42:32 +0100, Axel H Horns said: I'm using PGP 6.5.8 for my professional confidential e-mails and sometimes I get complaints from GnuPG users saying they can't use my Pubkey. So, you can't decrypt the attached message? Or does this problem only occur with another key? I have never received a bug report regarding such a problem. BTW, even NAI says that PGP (before 7.0) is not OpenPGP compliant. Werner -- Werner KochOmnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions-- Augustinus x Description: Binary data
Re: PGP GPG compatibility
Is there even development on the PGP (product) line? AFAIK they (NAI) have not release PGP 7.x in source form. Worse, there are a couple of bugs I found in 6.5.8 when I was porting it to Tru64, but who knows if anyone is listening over at NAI. It's a sad state of affairs. Perhaps I should go into PGP consulting, but I don't know if anyone would pay me to support PGP for them -derek Werner Koch [EMAIL PROTECTED] writes: On Sat, 3 Jan 1970 09:41:26 +1000, Nicholas Brawn said: What's the state of the game with PGP and GPG compatibility? According to the bug reports I receive for GnuPG, it seems that even the latest versions of PGP (7.0.3?) are still not OpenPGP compatible. At least they still don't understand version 4 signatures on data packets (only on keys). I had in mind that this was fixed some time ago, but obviously this isn't the case. There is a problem wrt text mode signatures: no agreement was found on what a line ending consists of. PGP translates a CR inside a line (well, what most non Apple programmers consider a line ending) into a CR,LF sequence for hashing. The proper solution is not to use textmode signatures except for cleartext signed messages. About two years ago we agreed on a way to implement MDC and defined new packet types for it. I did some tests with Hal Finney and it used to work. The OpenPGP draft was later changed to introduce key flags and use one to enable MDC mode. However, GnuPG uses MDC mode with all ciphers of a block length other than 64 bits (i.e. Twofish and AES*). The draft has still not been released as a new RFC so this may change again :-(. The flaw in the secret key protection mechanism was discussed for a short time but it seems that nobody is willing to continue with this. I made several suggestion on how to do it. Interoperability tests should have happened last summer but for unknown reasons they didn't. It is very sad to see that after 3 years we have not achieved to get OpenPGP into draft status :-(. Werner -- Werner KochOmnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions-- Augustinus - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
Is there even development on the PGP (product) line? AFAIK they (NAI) have not release PGP 7.x in source form. Worse, there are a couple of bugs I found in 6.5.8 when I was porting it to Tru64, but who knows if anyone is listening over at NAI. Years ago I bought a few copies of commercial PGP with support. I sent in three separate bug reports, some of them dead simple to reproduce, and never got anything back except placebo talk. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
Werner Koch wrote: According to the bug reports I receive for GnuPG, it seems that even the latest versions of PGP (7.0.3?) are still not OpenPGP compatible. No, the latest version for Win32 is 7.1.1, and for MacOS 9 it is 7.1.0. I think it should be pointed out what a loaded statement the above is as well. That's like saying, have you stopped beating your wife? I would encourage some objectivity on that. At least they still don't understand version 4 signatures on data packets (only on keys). I had in mind that this was fixed some time ago, but obviously this isn't the case. I'm fairly sure we support that in 7.1.0 and up. There is a problem wrt text mode signatures: [..] That's not the only problem with text mode signatures. International characters present an even larger challenge. Most of this is not PGP/GPG's problem technically. The plethora of mail clients out there don't handle it well either. Going forward, UTF8 migration is likely to cause some growing pains for everybody. Interoperability tests should have happened last summer but for unknown reasons they didn't. It is very sad to see that after 3 years we have not achieved to get OpenPGP into draft status :-(. It is a mystery to us as well what happened with that... We were ready to proceed, but we were not the organizer so it was out of our hands. Derek Atkins wrote: Is there even development on the PGP (product) line? Well, yes, but see: http://www.pgp.com/other/jump/customer-faq.asp The products you know as PGP are in a maintenance mode until a transition agreement is developed with a purchasing vendor. So, we currently are in the process of working through that. We just released PGP 7.1.1 last week, so development does continue in the meantime. AFAIK they (NAI) have not release PGP 7.x in source form. Not true. See: http://www.pgp.com/downloads/pgpsdk-agreement.asp The SDK (which still includes little bits of your code Derek, and all other crypto/network/passphrase and even all the UI code which interacts with the crypto related code) has been published up through 7.1.1. The Windows GUI was last published at 6.5.8. Worse, there are a couple of bugs I found in 6.5.8 when I was porting it to Tru64, but who knows if anyone is listening over at NAI. I don't know who you sent these to. You could always have sent diffs directly to me to make sure they get handled. The official address for these things remains [EMAIL PROTECTED] I am on that list so you couldn't have sent it to that one either since I haven't seen any diffs from you ever as far as I can recall. I think people used to get better support when I personally answered [EMAIL PROTECTED] I stopped providing that service due to lack of time, and I'm afraid that PGP support went out the window. From my perspective, NAI never provided any support for PGP -- even when I submitting patches, they would ignore them. It's always nice to find people willing and able to provide support for free. In the real world, that rarely happens even for free products (Cygnus, etc.). Outside firms have rated our PGP support 6.3 out of 7 based on customer surveys. Mind you, the people surveyed are the people who pay for the software. Our support really is quite good for enterprise customers, but admittedly can be considered weak or non-existent for freeware users. Without a support contract, I can see how some people could find PGP support frustrating. Many of our developers lurk in PGP newsgroups/mailing lists though and regularly help users out there on an informal basis. A few weeks ago, I spent over $30 on a support call to Intuit. I was incensed! I almost paid more to ask them why it doesn't work than I did to buy their product. On the other hand, I don't see how else they could do it and still make money. I don't really see any great solutions to mass consumer tech support, and frankly there isn't much of a paying market among consumers anyway. So, I applaud all those who offer free support, I do it myself quite often, but there's only so much time in a day. Side note, this may all be a moot point if a transition agreement with a purchasing vendor is not worked out RSN. -- Will Will Price, Director of Engineering PGP Security, Inc. a division of Network Associates, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: PGP GPG compatibility
Will Price [EMAIL PROTECTED] writes: The SDK (which still includes little bits of your code Derek, and all other crypto/network/passphrase and even all the UI code which interacts with the crypto related code) has been published up through 7.1.1. The Windows GUI was last published at 6.5.8. Does this include the Unix CLI? (And yes, I know a lot of my code is in there.. I was amused when I ported 6.5.8 to Tru64. I was also surprised (but relieved) at the re-write of the Ascii Parser). Worse, there are a couple of bugs I found in 6.5.8 when I was porting it to Tru64, but who knows if anyone is listening over at NAI. I don't know who you sent these to. You could always have sent diffs directly to me to make sure they get handled. The official address for these things remains [EMAIL PROTECTED] I am on that list so you couldn't have sent it to that one either since I haven't seen any diffs from you ever as far as I can recall. I sent patches to [EMAIL PROTECTED] Is [EMAIL PROTECTED] documented anywhere? The particular bug is the COMMENT handling in the binary parser. Side note, this may all be a moot point if a transition agreement with a purchasing vendor is not worked out RSN. So, um, what happens then? If NAI cannot find a buyer, will they bury the code? Or will NAI donate the code to the OpenSource community? If they cannot find a buyer will they relinguish the commercial rights to the OpenSource version (i.e. so that commercial entities can use the freeware)? -- Will Will Price, Director of Engineering PGP Security, Inc. a division of Network Associates, Inc. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
PGP GPG compatibility
What's the state of the game with PGP and GPG compatibility? Nick -- Real friends help you move bodies. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]