[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PGP 2.6 ???




What's the story with PGP 2.6? I haven't (yet) gotten any hard
information about it -- is there mail I should have gotten but didn't?

I'm sure glad MIT put out 2.5, before putting out 2.6. It
would have been much worse if they went right to 2.6. It
does seem fortuitous that 2.5 ever got released at all, or
am I missing something?

This whole process backs up the point that the whole cryptography
infrastructure is important. Maybe the world will split into 2.6+
and 2.5- camps, with the 2.6+ camps being locked onto a bandwagon
they can't get off of. Maybe all software in the future will have
2.6+ built into it, making life really unmanagable for the dwindling
2.5- crowd[sic]. How can you get cryptography to the masses when
they all have Clipper? You can't -- if it gets that bad, we've
lost the battle (although we can keep our own antique 2.5- copy
if we want to, as a relic from the "good old days").

I'd bet that 2.6 doesn't have a backdoor in it, but that 2.7 or
2.8 or 3.9 or 123.456 eventually will...

And, as I pointed out before, if the world gets saddled with a key
length restriction in whatever evolves to become the standard,
eventually that will be equivalent to a back door.

Maybe I'm too pessimistic, but how can we fight the infrastructure
battle? I'm sore afraid that our brand of crypto is like trying to
peddle a new OS to compete with Unix/NT/... -- it just ain't real
easy to displace a "standard", flawed though it may be...

Any ideas are welcome -- I'm just running a little low now.

-- 
[email protected] (David Taffs)