-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adam Back, at 12:01 -0400 on Thu, 3 Aug 2000, wrote:
> I beg to differ. The fastest way to get people to upgrade is if the
> new version works with the old version. There are still many pgp2.x
> users who don't upgrade because they then lose the ability to
> communicate with other 2.x users.
> Your proposal just perpetuates the problem.
My proposal is realistic in the face that RFC 2440 is the standard to
follow. One problem that people face today is that they still only think
there are 3 real classes of PGP implementations out there; PGP 2.x, PGP
5.x and above, and GnuPG. However, as more and more implementations
arise, the need for RFC 1990 users to abandon their implementations will
become more obvious.
People also think that the only difference between 2.x and OpenPGP
implementations it the algorithms used. Key formats have changed, the
message format has changed, compression algorithms, and a host of other
changes. To think that maintaining compatiblity is as simple as plugging
in RSA and IDEA is ridiculous.
Look at signed messages posted to BugTraq, or other widely-known lists.
The signatures are all made by OpenPGP-compatible implemenations. I would
argue the pressure should be placed on 2.x users, not blaming PGP Inc. or
GnuPG or the rest.
> The GNU ethic about not using IDEA, is counterproductive; that just
> means more poeple use IDEA, because they can't upgrade because it
> won't work if they do.
(while this paragraph does not make much sense to me, I'll try to reply)
Irregardless, the GNU ethic is about creating and promoting Free(tm)
software. Period. Any usage of IDEA would go contrary to it.
- --
Frank Tobin http://www.uiuc.edu/~ftobin/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
iEYEARECAAYFAjmJnGwACgkQVv/RCiYMT6MwsACfbw27PLFXn8hJ/0WmoeMqpDlg
be0AmgMLaZ7sCODr8DohZar0/qzJEwQt
=91f9
-----END PGP SIGNATURE-----
