OT: PGP, commercial product vs opensource stuff - viability/usability

Sun Oct 30 13:24:00 PST 2005

We are about to *buy* PGP. Reasons... simple, we were told if we gather the
source and make our own version for either SCO or Windows... we will have
"limited to no success".  Exact words.  I am certainly capable of doing the
make. Okay, let's put a "we" there instead of "I"... These days, being a
decade after I last stop making every damn thing I needed in the world, I
would most probably rely on others when hit with snags... especially on O/S
5.6 where they abound. We are not yet fully on O/S 6 for other reasons.  In
any case if hearing from the developer/owner of PGP that even once we get a
good compile there would be problems with making things work all the time...
and no support from them, I begin to wonder why I want to go the opensource
route yet again. Why? Well, one reason might be that the price/retail (and
it's not much better through dealers) is $3,150 for one partnership key,
send and receive. To add another partner is another $3,150. To buy an
unlimited version (both send and receive) is $7,500... and there is
absolutely NO upgrade path from one to the other. Should we by a 1 partner
version first, the full price would be expected to ever go to unlimited
partners. This is a pretty good hook and I wish I could do something like
this on products I sell, it almost mandates buying the higher priced item. I
guess I have to say kudos on good marketing technique.

By the way, this all refers to command-line PGP... which for obvious reasons
is the only type we would want. (For those who don't know why I say
"obvious". The other flavors (seemingly every other version) all are GUI
type things that you must physically enter and select a manual
encryption/decryption of your file every time you want to use it. Our
procedures have to be automated, again for obvious reasons... this time no
explanation. :-)

We will be doing encrypted FTP both send and receive along with some
encrypted email stuff in the bargain.

I'm just questioning if what we are being told is right or even makes sense.
I don't mind paying the going price for any product (and expecting the
associated support), but jeez, this seems REALLY high for a (what I might
call) simple encryption algorithm. Perhaps, I'm wrong, both about the simple
and the high price... but this is just my HO. The meat of the question I'm
asking has two few aspects. First, can we know if they are being honest and
up front about us having problems even once we have successfully compiled
the opensource thing? Two, sort of the same, but slightly different... are
they inferring that people who BUY the commercial product (like *our* huge
trading partners) will have something slightly *different* in the way of the
process/methodology/algorithm, etc.?  Are they hinting that they know
something we don't know, and the entire excursion for us (which is
extremely, time sensitive - like hours away) would be a big waste of time?
(In this, I am reminded of how in the olden days, things like free zmodem
became all of a sudden incompatible with purchased zmodem... and so forth.)

Hence, the real and only meaningful actual question I'm asking is: Does
anyone here actually use PGP currently to encrypt ftp files, send and
receive them with real data to real business partners... transacting real
business that would say replace the same which might normally be done with
straight EDI documents, VANS... i.e., external/unknowable
encryption/security?

The particular partner we have chosen has specified PGP and ftp, so
unfortunately, should you rush to suggest some other scenario that works,
don't bother, we already have. It's this, or nothing.

I know it is way off topic for the filePro forum, but I stand on all the
usual good reasons for asking here and not elsewhere. Besides, I don't
really want to broach this topic out in the real world :-). It may start a
huge thread here all by itself, can you imagine how much traffic there is
about such things on the appropriate forums?  Besides, to the uninitiated
reader, it might seem like I am untrusting of the PGP people, or completely
unhappy with their right to do business at the prices they think fair...
absolutely nothing further from the mark. I found the people at www.pgp.com
to be very helpful, nice and as you might expect technically superb. So, I'm
just asking for testimonials if you use the purchased command-line product,
or maybe you have compiled the thing on some platform and use it
successfully without having had the need to buy it... one of the "reasons
for being" for opensource in the first place. It's just too big a buy-in to
not ask these questions.

Thanks,

--
John Esak
(570) 384-2444

Visit The FP Room www.tinyurl.com/97y9u 24/7

Author of:
The filePro Survivor Series
Video Training For FilePro On CD
See samples at : www.valar.com/training

Publisher of:
The FP Survivor Addendum CD (quarterly)
Learn more: www.valar.com/fpsa