Actually, I've found it isn't quite that bad. Yes, there are some problems with some of the odd-man-out features. And yes, there are certainly problems that only get solved if users upgrade to PGP 6.5.8 or more recent versions of GPG.
I will agree with your assessment of the origin of the problem. However I don't think it's quite as bad as you make it out to be -- I've been using PGP 6.5.8 successfully to talk to a few people. My biggest problem is that very few people actually use PGP. Question: How many users of PGP 2.x are still out there? If people have upgraded to more recent versions, then it's not quite as bad. OTOH, I have successfully interoperated with PGP 2.6 fairly recently. Then again, I still use my 1992-era RSA key (I should probably upgrade sometime soon). If all else fails, there is always S/MIME ;) -derek John Gilmore <[EMAIL PROTECTED]> writes: > These days, PGP is effectively useless for interoperable email. If > you have not prearranged with the recipient, you can't exchange > encrypted mail. And even if you have, one or the other of you will > probably have to change your software, which will produce other ripple > effects if you are trying to talk to TWO different people or groups > using encrypted email. > > PGP compatibility problems started with Phil Zimmermann's deliberate > decision to eliminate compatibility with RSA keys. Once that problem > existed, disabling communication with anyone who used PGP before late > 1997, nobody else seemed to mind introducing all sorts of lesser > incompatibilities, including many mere bugs. > > Having wrestled with these problems for years, my guess is that we > need to abandon PGP and spec something else, probably in the IETF. > (Perhaps we might be able to shortcut that process if the OpenPGP > standards effort actually produces many compatible implementations > including NAI's, and/or if NAI falls apart and every other > implementation meets the IETF specs.) > > Note, however, that there are many things that OpenPGP doesn't do, > making encrypted email still a pretty sophisticated thing to do. > Brad Templeton has been kicking around some ideas on how to make > zero-UI encryption work (with some small UI available for us experts > who care more about our privacy than the average joe). > > http://www.templetons.com/brad/crypt.html > > John > -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH [EMAIL PROTECTED] PGP key available --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
