Re: Babel (Re: on the state of PGP compatibility)
-- On 1 Apr 2002 at 8:49, Curt Smith wrote: And James, although the best standard may win, a lack of viable alternatives is unhealthy. We have an oversupply, not an undersupply, of viable alternatives. The reason for all the collisions and incompatibilities is feature creep, and the reason for feature creep is that people actually do want features. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG puD3/Kt5AL3eomyNNzJU/0wvAuptW67fqq98AG/6 4VLTXt8WDT7UcHmJFMp1U0RPw6cCIGB6KAQx/hD0V
Re: Babel (Re: on the state of PGP compatibility)
sMIME will always be hampered by Certificate Authority issues. PGP is large and complex. Version problems are bound to increase as some users will remain divided between PGPdesktop, PGPfreeware, and OpenPGP. Still others will want historic versions or ckt builds. Older versions are limited by key sizes and algorithm selections, while newer versions are prone to version problems. Simple 3rd Party options are important and must always be available.. I am developing a free program and simple specification - http://www.opencrypto.com - that integrates public key crypto into a basic SMTP program. I agree with Tim that it is perhaps best to settle on a single assymetric algorithm (RSA/DH/EC) and a single symmetric algorithm (3DES/AES/2FISH). Perhaps as every 2 to 5 years the algorithms could be replaced or key lengths increased (if necessary), without adding a extensive feature or significant complexity. And James, although the best standard may win, a lack of viable alternatives is unhealthy. --- [EMAIL PROTECTED] wrote: On 31 Mar 2002 at 10:03, Tim May wrote: And so now PGP (or GPG) use is utterly balkanized, utterly useless. [...] Is there a solution? I would think that a keep it simple, stupid strategy is needed: Forget the hooks into popular mailers (Eudora, Outlook, Entourage), forget the OS X versions of GPG, forget the Red Hat, Mandrake, SuSE, Windows XP, etc. versions. If PGP options have grown beyond human comprehension, perhaps everyone could use my software, which is as simple as you can get with a windows interface. http://www.echeque.com/Kong However, I predict that most people will wind up using RFC2440 (OpenPGP) compliant code. An RFC and source code is far from utter balkanization and utter uselessness. In due course, the best standard will win. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG uR++DP8NV5KuKFCaDraZEp6VTZQcmTqZI5aotgTD 4KXzf6dt2b3+U2MX665Iy8h+EFpHj6Vw0HKjMhvoy __ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/
Re: Babel (Re: on the state of PGP compatibility)
From: Curt Smith [EMAIL PROTECTED] I am developing a free program and simple specification - http://www.opencrypto.com Hmm... Delphi programmer. That's a plus :) The minus is in these lines (nevermind the typos, although this is your presentation page, so you could have used a spellchecker): I advocate secure messaging using very strong public keys, in combination with moderately strong session keys. This prevents casual easedropping by unintended recipents, without jeapardizing national and international security. It is the best stategy to gain the acceptance of world governments and win the support of patriotic-minded citizens and corporations, thereby protecting free speech and privacy for the masses, as technology, business, and government erode anonymity. I feel that the new U.S. cryptography regulations regarding distribution of open source cryptography are reasonable, and encourage cryptography programmers to support these rules and promote similar relaxed regulation internationally.
Re: Babel (Re: on the state of PGP compatibility)
sMIME will always be hampered by Certificate Authority issues. PGP is large and complex. Version problems are bound to increase as some users will remain divided between PGPdesktop, PGPfreeware, and OpenPGP. Still others will want historic versions or ckt builds. Older versions are limited by key sizes and algorithm selections, while newer versions are prone to version problems. Simple 3rd Party options are important and must always be available.. I am developing a free program and simple specification - http://www.opencrypto.com - that integrates public key crypto into a basic SMTP program. I agree with Tim that it is perhaps best to settle on a single assymetric algorithm (RSA/DH/EC) and a single symmetric algorithm (3DES/AES/2FISH). Perhaps as every 2 to 5 years the algorithms could be replaced or key lengths increased (if necessary), without adding a extensive feature or significant complexity. And James, although the best standard may win, a lack of viable alternatives is unhealthy. --- [EMAIL PROTECTED] wrote: On 31 Mar 2002 at 10:03, Tim May wrote: And so now PGP (or GPG) use is utterly balkanized, utterly useless. [...] Is there a solution? I would think that a keep it simple, stupid strategy is needed: Forget the hooks into popular mailers (Eudora, Outlook, Entourage), forget the OS X versions of GPG, forget the Red Hat, Mandrake, SuSE, Windows XP, etc. versions. If PGP options have grown beyond human comprehension, perhaps everyone could use my software, which is as simple as you can get with a windows interface. http://www.echeque.com/Kong However, I predict that most people will wind up using RFC2440 (OpenPGP) compliant code. An RFC and source code is far from utter balkanization and utter uselessness. In due course, the best standard will win. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG uR++DP8NV5KuKFCaDraZEp6VTZQcmTqZI5aotgTD 4KXzf6dt2b3+U2MX665Iy8h+EFpHj6Vw0HKjMhvoy __ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/
Re: Babel (Re: on the state of PGP compatibility)
From: Curt Smith [EMAIL PROTECTED] I am developing a free program and simple specification - http://www.opencrypto.com Hmm... Delphi programmer. That's a plus :) The minus is in these lines (nevermind the typos, although this is your presentation page, so you could have used a spellchecker): I advocate secure messaging using very strong public keys, in combination with moderately strong session keys. This prevents casual easedropping by unintended recipents, without jeapardizing national and international security. It is the best stategy to gain the acceptance of world governments and win the support of patriotic-minded citizens and corporations, thereby protecting free speech and privacy for the masses, as technology, business, and government erode anonymity. I feel that the new U.S. cryptography regulations regarding distribution of open source cryptography are reasonable, and encourage cryptography programmers to support these rules and promote similar relaxed regulation internationally.
Re: Babel (Re: on the state of PGP compatibility)
-- On 31 Mar 2002 at 10:03, Tim May wrote: And so now PGP (or GPG) use is utterly balkanized, utterly useless. [...] Is there a solution? I would think that a keep it simple, stupid strategy is needed: Forget the hooks into popular mailers (Eudora, Outlook, Entourage), forget the OS X versions of GPG, forget the Red Hat, Mandrake, SuSE, Windows XP, etc. versions. If PGP options have grown beyond human comprehension, perhaps everyone could use my software, which is as simple as you can get with a windows interface. http://www.echeque.com/Kong However, I predict that most people will wind up using RFC2440 (OpenPGP) compliant code. An RFC and source code is far from utter balkanization and utter uselessness. In due course, the best standard will win. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG uR++DP8NV5KuKFCaDraZEp6VTZQcmTqZI5aotgTD 4KXzf6dt2b3+U2MX665Iy8h+EFpHj6Vw0HKjMhvoy
Re: Babel (Re: on the state of PGP compatibility)
-- On 31 Mar 2002 at 10:03, Tim May wrote: And so now PGP (or GPG) use is utterly balkanized, utterly useless. [...] Is there a solution? I would think that a keep it simple, stupid strategy is needed: Forget the hooks into popular mailers (Eudora, Outlook, Entourage), forget the OS X versions of GPG, forget the Red Hat, Mandrake, SuSE, Windows XP, etc. versions. If PGP options have grown beyond human comprehension, perhaps everyone could use my software, which is as simple as you can get with a windows interface. http://www.echeque.com/Kong However, I predict that most people will wind up using RFC2440 (OpenPGP) compliant code. An RFC and source code is far from utter balkanization and utter uselessness. In due course, the best standard will win. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG uR++DP8NV5KuKFCaDraZEp6VTZQcmTqZI5aotgTD 4KXzf6dt2b3+U2MX665Iy8h+EFpHj6Vw0HKjMhvoy
