 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Derek Atkins wrote: > >>"E. William Horne" <bill at stalwart.ne.mediaone.net> wrote: > >[snip] > >> Please take the time to supply the list with a comparison chart for the >> various versions of PGP/GPG now available, including interoperable systems >> that are not in the PGP family. > >It's actually fairly simple. There was a split between PGP 2.x and >PGP 5.x. (I'm discounting the split at PGP 2.3a | PGP 2.5). The >later versions of PGP can read all the older messages, but the older >versions can not necessarily read the newer messages. What really >matters are the algorithms. PGP 2.x only supports RSA/MD5/IDEA. >Later versions support a wider range. If you match algorithms then >you can interoperate. > >The issue with GPG is that by default it only supports "free" >algorithms. Because IDEA is patented, it doesn't come with GPG by >default. There is a module to add IDEA support, and you need to get >that module in order to interoperate with older versions of PGP. > >> I'm particularly interested in integration with S/MIME, the availability >> and usefullness of Verisign/Thwarte keys, and ways to make the system(s) >> transparent to end users, especially those of us whom use Lotus Notes at >> our jobs and need to interoperate with other companies. > >S/MIME is a completely different beast, and is non-interoperable with >PGP. It's like apples and oranges. There is PGP-MIME, which performs >the same tasks as S/MIME but it uses PGP instead of the S/MIME syntax. >I don't think that Verisign or Thwarte[sic] actually sign PGP keys, >only X.509 keys, so I don't think you can use those certificates >directly with PGP [ note: there has been some work to get x.509 keys >into PGP, but it is unclear how "standard" that is ]. > >Integration really is the issue, and it's a hard one. Some applications >just don't allow for easy integration. > >At this point in time there is no good answer. I know that isn't what >you want to hear, but it's all I can give you at the moment. > >I'd certainly be willing to put some time into an integration effort, >provided someone was footing the bill ;) > >> Thanks in advance. > >I hope this helps (and feel free to forward this back to the list) Derek, Thanks for your explanation. I'll go to the well one more time, and ask that you/the list broaden the discussion to include X.509 certificate signing and ask the list if the BLU should get involved with that. While I realize the PGP/GPG is a separate system than the X.509 model, I'm trying to find ways to make both interoperate. If that means writing Java to plug into Netscape, or other ways to make PGP/GPG transparent to end users, then that's what I'm after. HTH. I'll put "Thawte" into my spell checker ;-J. Bill Horne
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
