There are also existing applications like the time stamper in England,
automated keyservers, mailer add-ins, and anonymous remailers which use
the 2.x formats, so the 'installed base' is more than just individual
users.
The point about old computers is particularly apt, and there are
mini-OSes
Another reason for PGP 2.x compatibility is that there are a lot of
old computers out there that will not run more modern versions. Many
of these machines find their way into 3rd-world countries and NGOs
where there is a life-and-death need for security.
Also there is a argument that these old
The problem is not necessarily in getting users of PGP 2.x to upgrade.
That will happen on its own. The problem is that users of PGP 2.x
have old keys and, worse, old DATA that is encrypted and signed in the
PGP 2.x formats using the PGP 2.x algorithms.
The point is not to be able to create new
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Adam Back, at 12:01 -0400 on Thu, 3 Aug 2000, wrote:
> I beg to differ. The fastest way to get people to upgrade is if the
> new version works with the old version. There are still many pgp2.x
> users who don't upgrade because they then lose the ab
Frank Tobin writes:
> My proposal is realistic in the face that RFC 2440 is the standard
> to follow. One problem that people face today is that they still
> only think there are 3 real classes of PGP implementations out
> there; PGP 2.x, PGP 5.x and above, and GnuPG. However, as more and
> mor
I beg to differ. The fastest way to get people to upgrade is if the
new version works with the old version. There are still many pgp2.x
users who don't upgrade because they then lose the ability to
communicate with other 2.x users.
If PGP Inc had done the right thing and made pgp5.x backwards
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Adam Back, at 23:31 -0500 on Wed, 2 Aug 2000, wrote:
> What about a GnuPG version which includes RSA and IDEA, by default so
> that once more all PGP users (2.x, 5.x, GnuPG) can all talk to each
> other.
There's more problems than just the algorithm
So as the RSA patent is expiring, and the PGP folks are pissed at RSA
for various underhand legal shenanigans, can we expect a PGP version
with RSA on by default, perhaps released midnight 20 September as a
ceromonial event at the party?
What about a GnuPG version which includes RSA and IDEA, by