On 08/20/2013 05:43 PM, Snehendu Ghosh wrote: > We are not expecting any of the third party will make any changes in > their side. That is the reason we want to go with the 1.2.1 version > to minimize the risk.
Although I certainly understand the desire to minimize risk, the possibility of being hit by one of the dozens of bugs that have been found in 1.2.1 (and fixed since) needs to be considered as well. GnuPG 1.4 has no trouble interoperating with 1.2.1. The OpenPGP specification (which GnuPG implements) includes the ability to discover what features the other party/parties support and to automatically use compatible features. > Now assume a scenario, where we implement 1.4 version in our to-be > system, encrypt a file with 1.4 version and send it to a third party. > We are not sure if that third party will able to do decryption using > a lower version. If you are not able to, that would strike me as a very serious bug in GnuPG and one that will be soon fixed. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
