Robert J. Hansen: > On 6/26/2014 5:57 PM, Daniel Kahn Gillmor wrote: >> PGP 8 was released over a decade ago, that's hardly a modern >> implementation: > > And yet, it still conforms (largely) to RFC4880. Methinks you're > objecting because it's a largely-conforming implementation that doesn't > have good support for SHA256. ;) > >> In what ways is its support for SHA-256 limited? I'm having a hard >> time finding documentation for it. > > If I recall correctly, it can understand SHA-256 but not generate > SHA-256. SHA-256 generation support was added late in the 8.x series, > but earlier 8.x releases could understand it. > >> How many people use it? > > It's not as if there are Nielsen ratings for these things. All I can do > is say that I still regularly encounter it when I talk to people about > PGP. For instance, I know of one law firm that purchased a site license > for 8.x and refuses to upgrade, since the more recent editions cost a > fortune in per-seat licenses and have very little in the way of new > functionality.
i think the point daniel is making is that there is freely available software which is actively maintained and receives security updates and is not a decade old any modern OS can utilise thunderbird + enigmail as an example there's great work done to bring gnupg to windows with gpg4win why *wouldn't* you use it ? is it really a case of obdurateness, "if it ain't broke don't fix it," or an unwillingness to use and get accustomed to something new and/or different, perhaps a new gui - look, i completely sympathise with the latter especially for older people if i may generalise if you're a windows user you'll have to upgrade after 10 years if you want to keep safe or pay ($) for it; ok, now i sympathise with people not wanting a new gui with windows 8 > >> Why should anyone cater to users of PGP 8.x in 2014 when we have an >> opportunity to provide a stronger cryptographic baseline for everyone >> else? > > Because there are still people using it. see above the don't *have* to but, sure, they *can* > > Remember, GnuPG also supports most of RFC1991 because we've got a large > base of PGP 2.6 users who are refusing to upgrade... > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users