
List:       kmail-devel
Subject:    Re: PGP 2 support (was: Fwd: Mitarbeit?)
From:       Ingo Klöcker <ingo.kloecker () epost ! de>
Date:       2001-10-28 21:08:37

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 26 October 2001 10:27, Werner Koch wrote:
> On Thu, 25 Oct 2001 22:34:08 +0200, Marc Mutz said:
> > Since gpgme will do so much for us in the next release (S/MIME and
> > OpenPGP), would it be acceptable to drop PGPi support for a version
> > or two until we have either a gpgme backend, or a new kpgp, which
> > does not
>
> I assume PGPi is support for pgp 2.

I assume Marc meant all versions of PGP, i.e. PGP 2, 5 and 6.

> PGP 2 has a couple of security problems which have been addressed
> with OpenPGP, so I am in favor of dropping PGP 2 support entirely.
> It is possible to verify PGP 2 created messages using GnuPG without
> any hassles.
>
> Decryption is a problem, because this requires a license from Ascom,
> it is not possible to distribute a CDROM with PGP 2 on it for this
> reason, cause this is a commercial activity.  Even charitable
> organizations must require a license for IDEA.  If you are living in
> one of the countries where Ascom got no patent grant, you can use the
> IDEA module for GnuPG which makes it possible to decrypt pgp 2
> generated messages too.

Hmm, as Michael already mentioned, PGP 2 is distributed by SuSE on their 
Linux distributions. And the readme.1st says:
<quote>
PGP 2.6.3i may be freely used for non-commercial purposes only. If you 
want to use PGP for commercial purposes, you need to buy a separate 
license for the IDEA algorithm used in PGP. IDEA licenses can be 
purchased from Ascom Systec AG in Switzerland.
</quote>
So for home users who just want to sign/encrypt their personal mail it's 
no problem. Of course I'd also rather see everybody use GnuPG (or other 
free encryption programs) instead of PGP (2). But we are living in a 
free world and this means that everybody is free to use PGP 2 (for 
non-commercial purposes) instead of GnuPG if he likes to. We could of 
course remove the PGP 2 support completely and by this force all 
KMail-with-PGP 2 users to either use the (free for non-commercial use) 
version of PGP 6 (which is no longer supported by NAI and which has 
some security problems as well) or GnuPG. But I don't think we should 
force our users to switch. There has to be another way to convince them 
to no longer use PGP 2.

> When the patent expires in 2007/2010 it is possible to write a simple
> wrapper for pgp 2 which presents a GnuPG-like interface to gpgme -
> this way you get pgp 2 support nearly for free.

But we support PGP 2 now. Who knows what's in 6 or 9 years.

> And now for the very important part.  You may have noticed a faster
> and faster rush towards software patents in Europe, we now have to
> work even harder to prevent at least Europe from drowning in a flood
> of patent claims against any software vendor.  There is not much time
> left.  By supporting a program (pgp) which relies on a patented
> algorithm (IDEA) we are setting the wrong sign.  So please don't use
> PGP 2 anymore (or use a variant which supports CAST5) - as soon as
> patents are banned from Europe, I won't object anymore against the
> support of PGP 2 because this would probably render the IDEA patent
> worthless.

I know very well that our PGP 2 support is a "two-bladed sword" (German 
expression which roughly means "there are pros and cons"). If the 
variant which supports CAST5 uses the same syntax as the version 
without CAST5 support then we most likely already support it.

BTW, by dropping PGP 2 support we would gain almost nothing because the 
code for PGP 2 is nearly completely the same as for PGP 6.

Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE73HPZGnR+RTDgudgRAo1uAJ9zsU1K/Z8nUzKJ9gisDvVjmvU/mwCgoNx7
Uj8lQf8KypnzX63gEXjVBfI=
=fruE
-----END PGP SIGNATURE-----