OT: PGP, commercial product vs opensource stuff - viability/usability
Fairlight
fairlite at fairlite.com
Sun Oct 30 20:34:59 PST 2005
On Sun, Oct 30, 2005 at 09:52:13PM -0500, after drawing runes in goat's blood,
John Esak cast forth these immortal, mystical words:
>
> Thanks for the answer (I'm glad it's positive...) but, the gotcha is your
> last sentence. What if the other party is using the commercially available
> PGP, and it is not compatible? I need to address this before we make the
> plunge. So I guess we'll compile and ask them to do a test.
The real question is what algorithms are supported by the commercial
versions you'll be "talking to". Here is the list of algorithms supported
by the SCO-supplied binary of GPG for each layer:
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2
For more compatibility information, please see:
http://www.gnupg.org/(en)/documentation/faqs.html
You'll want to note sections 1.2, 5.1, 5.2, and 5.4. That pretty much
covers the portability issues you're asking about. In a quick summary, RSA
is supported, IDEA is -not- and won't be until at least 2007. That's not
an issue if you tell it to use something other than IDEA and don't have to
work with PGP 2.6.x (any of the others are fine). PGP 5 could originally
not compile with one type of key that GPG -used- to generate, but GPG now
generates keys in the PGP 5 type to accommodate that version. The 2.6 stuff
is irrelevant, as that was an open source version before there was a term
for open source, and you won't be dealing with it in all likelihood--I was
one of the real diehard non-converts and even I dumped PGP 2.6 for GPG over
two years ago. Oh, and PGP 5 needs you to use a couple options when you
encrypt for it that really don't affect anything else.
Everything I'm reading says the -only- problem -might- come with 2.6.x
versions of the open source PGP, which you're not likely to be running up
against in this day and age. If people are using commercial solutions or
GPG itself, this should be a no-brainer. As the FAQ notes, there's a
standard for it now, and it should be conformed to.
You can read the FAQ for full details on compatibility yourself at the
aforementioned URL, but those are the highlights at a glance.
Not really seeing a problem that would make it a dealbreaker,
myself--especially after testing SCO's build and ruling that as acceptable.
I personally believe you'll be fine with GPG, John.
mark->
--
There is no "I" in TEAM.
This would be the primary reason I've chosen not to join one.
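
Added example, not part of the original post and not GnuPG's own code: a shell check that parses the "Supported algorithms" block of `gpg --version` and reports which algorithms a correspondent needs that the local build does not list. The helper names and the required-algorithm list are assumptions; the sample text is the block quoted in the post.

```shell
#!/bin/sh
# Constructed sample: the "Supported algorithms" block quoted in the post.
# On a real system use: GPG_TEXT=$(gpg --version)
GPG_TEXT='Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2'

# supported_algos LAYER  (hypothetical helper)
# Reads `gpg --version` text on stdin and prints the algorithms listed for
# LAYER (Pubkey, Cipher, Hash, Compression), one per line, upper-cased.
# Indented continuation lines are treated as part of the current layer.
supported_algos() {
    awk -v layer="$1" '
    {
        if ($0 ~ /^[^ \t:]+:/) {         # "Layer: a, b, c" header line
            active = ($1 == layer ":")
            sub(/^[^:]*:/, "")
        } else if ($0 !~ /^[ \t]/) {     # any other unindented line ends a list
            active = 0
        }
        if (active) {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print toupper(parts[i])
            }
        }
    }'
}

# missing_algos LAYER "ALGO ALGO ..." GPG_VERSION_TEXT  (hypothetical helper)
# Prints the required algorithms that the build does not list for LAYER.
missing_algos() {
    have=$(printf '%s\n' "$3" | supported_algos "$1")
    missing=""
    for algo in $2; do
        want=$(printf '%s' "$algo" | tr '[:lower:]' '[:upper:]')
        printf '%s\n' "$have" | grep -qxF -- "$want" || missing="$missing $want"
    done
    printf '%s\n' "${missing# }"
}

# Constructed requirement: a correspondent whose key prefers IDEA, then 3DES.
missing_algos Cipher "IDEA 3DES" "$GPG_TEXT"    # prints: IDEA
```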