1996-07-01 - Re: MacPGP 2.6.3 released

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: Zbigniew Fiedorowicz <fiedorow@math.ohio-state.edu>
Message Hash: 81b5fb36731a78c1b5bc160927e96600d312a9161ad0ef41bd9ed948ecc01e2e
Message ID: <199607010105.VAA30534@ihtfp.org>
Reply To: <v03007801adfcbf68bf6f@[]>
UTC Datetime: 1996-07-01 07:46:10 UTC
Raw Date: Mon, 1 Jul 1996 15:46:10 +0800

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 1 Jul 1996 15:46:10 +0800
To: Zbigniew Fiedorowicz <fiedorow@math.ohio-state.edu>
Subject: Re: MacPGP 2.6.3 released
In-Reply-To: <v03007801adfcbf68bf6f@[]>
Message-ID: <199607010105.VAA30534@ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain

>  2) When extracting multiple keys into an ascii file, each key is
>     put separately into its own block, neatly labelled with the key id
>     and user ids.

I hope there is a way to put all the keys into a single key block.

>  5) It has an option for using SHA1 as the hashing algorithm for PGP
>     signatures, instead of MD5. (Dobbertin has recently made some
>     dramatic progress towards cryptanalyzing MD5. If he is successful,
>     this might call into question the reliability of PGP signatures
>     under certain circumstances.) This is an experimental feature
>     which is not compatible with earlier versions of PGP. 

This is ok...

>     (It is not compatible with the proposed standards of PGP 3.0
>     either. 

But I think this is a horrible mistake.  Besides the fact that there
is no "PGP 3.0" (there is "PGPlib", however), why isn't your code
compatible with the implementation that we're working on?  This can be
highly confusing when PGPlib comes out and messages signed with PGPlib
can't be verified by your code, and vice-versa.  Bad idea, Zig.

>     But 3.0 is supposed to be deliberately incompatible with
>     all 2.x versions to avoid the RSA patent issue.)

HUH?  Where did you get this faulty information?  PGPlib (as I said,
there is no PGP 3.0) will have full 2.6 support.  So, I don't know
where you heard this, but I would recommend you verify your
information with people close to the project before spreading more FUD