[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MacPGP 2.6.3 released



>  2) When extracting multiple keys into an ascii file, the each key is
>     put separately into its own block, neatly labelled with the key id
>     and user ids.

I hope there is a way to put all the keys into a single key block.

>  5) It has an option for using SHA1 as the hashing algorithm for PGP
>     signatures, instead of MD5. (Dobbertin has recently made some
>     dramatic progress towards cryptanalyzing MD5. If he is successful,
>     this might call into question the reliability of PGP signatures
>     under certain circumstances.) This is an experimental feature
>     which is not compatible with earlier versions of PGP. 

This is ok...

>     (It is not compatible with the proposed standards of PGP 3.0
>     either. 

But I think this is a horrible mistable.  Besides the fact that there
is no "PGP 3.0" (there is "PGPlib", however), why isn't your code
compatible with the implementation that we're working on?  This can be
highly confusing when PGPlib comes out and messages signed with PGPlib
can't be verified by your code, and vice-versa.  Bad idea, Zig.

>     But 3.0 is supposed to be deliberately incompatible with
>     all 2.x versions to avoid the RSA patent issue.)

HUH?  Where did you get this faulty information?  PGPlib (as I said,
there is no PGP 3.0) will have full 2.6 support.  So, I don't know
where you heard this, but I would recommend you verify your
information with people close to the project before spreading more FUD
around.

Enjoy!

-derek