On Sun, 20 Jan 2002, John Gilmore wrote: > These days, PGP is effectively useless for interoperable email. If > you have not prearranged with the recipient, you can't exchange > encrypted mail. And even if you have, one or the other of you will > probably have to change your software, which will produce other ripple > effects if you are trying to talk to TWO different people or groups > using encrypted email.
Really, interoperability is not that bad. Aside from some rather obscure nits between implementations, every PGP implementation pretty much talks to every other one without any major problems. The biggest compatability barriers are PGP 2.6 users' inability to encrypt to v4 (the newer OpenPGP) keys, and GnuPG's lack of the IDEA algorithm. The former is solved either by PGP 2.6 users upgrading their PGP software to one that understands v4 keys (note that this doesn't mean they need to give up their older v3 (PGP 2.6-style) keys), or the other user generating a v3 key for use with 2.6 users. I use PGP on a regular basis for a large portion of my email, and rarely have I encountered this problem. Whenever this discussion comes up, someone inevitably insists that PGP 2.6 is in widespread use and PGP as a whole is flawed because 2.6 can't encrypt to the newer keys, but I just don't see this as a reality. The second problem is a less severe extension of the first problem, and used to be easily correctable by dropping in an IDEA algorithm module (which, unfortunately, seems to no longer exist on the GnuGP website). The Lack of IDEA in GnuPG makes it less friendly to those wishing to upgrade from PGP 2.6 or communicate with PGP 2.6 users, but again, this isn't noticeable by the majority of the users. The biggest problem with PGP is not an interoperability issue, but a UI issue. A secure email system should appeal to the casual user, and also be easily deployed by the casual user. Most email users don't understand how signatures work, why public key crypto really does, what signing keys and checking fingerprints are for, etc. Even if all versions of PGP had been designed perfectly the first time, interoperated with each other flawlessly, and had no bugs appear in them ever, this problem would still exist. PGP intentionally sacrifices usability for security. --Len. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
