OT: PGP,
commercial product vs opensource stuff - viability/usability
John Esak
john at valar.com
Mon Oct 31 00:45:25 PST 2005
Wow!,
Thanks for doing so much on this simple request for answers. Much
appreciated. Tomorrow, (well today I guess) we'll try it all out.
The only thing is, in the other message you mention having tested it on
Bob's 5.6 system. I didn't know he had one. JP went down there a few weeks
ago, maybe a month or so, and completely upgraded Bob to SCO 6.0. Is this
why you found it already there... and Unixware based to boot. Probably. But
if not, great, we know it will work/compile on 5.6. Thanks.
Thanks again,
John
> -----Original Message-----
> From: filepro-list-bounces at lists.celestial.com
> [mailto:filepro-list-bounces at lists.celestial.com]On Behalf Of Fairlight
> Sent: Sunday, October 30, 2005 11:35 PM
> To: Fplist (E-mail)
> Subject: Re: OT: PGP,commercial product vs opensource stuff -
> viability/usability
>
>
> On Sun, Oct 30, 2005 at 09:52:13PM -0500, after drawing runes in
> goat's blood,
> John Esak cast forth these immortal, mystical words:
> >
> > Thanks for the answer (I'm glad it's positive...) but, the
> gotcha is your
> > last sentence. What if the other party is using the
> commercially available
> > PGP, and it is not compatible? I need to address this before
> we make the
> > plunge. So I guess we'll compile and ask them to do a test.
>
> The real question is what algorithms are supported by the commercial
> versions you'll be "talking to". Here is the list of algorithms supported
> by the SCO-supplied binary of GPG for each layer:
>
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
> For more compatibility information, please see:
>
> http://www.gnupg.org/(en)/documentation/faqs.html
>
> You'll want to note sections 1.2, 5.1, 5.2, and 5.4. That pretty much
> covers the portability issues you're asking about. In a quick
> summary, RSA
> is supported, IDEA is -not- and won't be until at least 2007. That's not
> an issue if you tell it to use something other than IDEA and don't have to
> work with PGP 2.6.x (any of the others are fine). PGP 5 could originally
> not compile with one type of key that GPG -used- to generate, but GPG now
> generates keys in the PGP 5 type to accomodate that version. The
> 2.6 stuff
> is irrelevant, as that was an open source version before there was a term
> for open source, and you won't be dealing with it in all likelihood--I was
> one of the real diehard non-converts and even I dumped PGP 2.6
> for GPG over
> two years ago. Oh, and PGP 5 needs you to use a couple options when you
> encrypt for it that really don't affect anything else.
>
> Everything I'm reading says the -only- problem -might- come with 2.6.x
> versions of the open source PGP, which you're not likely to be running up
> against in this day and age. If people are using commercial solutions or
> GPG itself, this should be a no-brainer. As the FAQ notes, there's a
> standard for it now, and it should be conformed to.
>
> You can read the FAQ for full details on compatibility yourself at the
> aforementioned URL, but those are the highlights at a glance.
>
> Not really seeing a problem that would make it a dealbreaker,
> myself--especially after testing SCO's build an ruling that as acceptable.
> I personally believe you'll be fine with GPG, John.
>
> mark->
> --
> There is no "I" in TEAM.
> This would be the primary reason I've chosen not to join one.
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> http://mailman.celestial.com/mailman/listinfo/filepro-list
More information about the Filepro-list
mailing list