> I know this list doesn't deal with PGP, but since no one else does either
> any more, it seems like the best place to start.

Old versions of PGP were at least FOSS-friendly, if not FOSS themselves, so it's probably safe to discuss it here. :)

> Do people (other than John Young) still use PGP? Why would someone want
> to do that?

You'd have to ask them. There are some reasons to keep using ancient versions of PGP, but why these specific people keep using ancient PGP is really a question for them and not this list.

That said:

1. PGP 2.6 is *small*. The original PGP specification (RFC1991) is a small fraction of the size of the modern OpenPGP specification (RFC4880). When it comes to trustworthy code, small is beautiful.

2. PGP 2.6 is extremely well-audited. GnuPG and Symantec's PGP are both moving targets, but PGP 2.6 really hasn't changed in about 20 years. That gives a lot of confidence that its major bugs have been discovered.

3. PGP 2.6 is "good enough crypto". Modern OpenPGP adds a ton more capabilities, but for many users PGP 2.6 offers them just enough to do what they need. The small-is-beautiful camp tends to have a lot of overlap with the good-enough-crypto camp.

...

All this being said, do I recommend PGP 2.6? Absolutely not: its dependency on MD5 alone should disqualify it. But that doesn't mean I don't understand some of the motivations of the people who keep using it.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users