pgp again

[Dean Gaudet <dg...@arctic.org>]

Ok I'm reading the FAQ.  <http://www.pgp.net/pgpnet/pgp-faq/>

Some comments: 

Question 1.7, "What's the current version of PGP?"  After reading this, I
think it should be completely clear where the confusion starts.  This
response makes no suggestion as to what version folks should be using. 
And starts off with this wonderful statement:  ``At the moment, there are
five different "current" versions of PGP''.  Wow, 5.  Imagine if there
were 5 current versions of apache.  I'm sure we'd be able to adequately
support all of them, and no users would be confused. 

And just look at the numbering scheme!  It's clear that the PGP folks have
never had the educating/entertaining version numbering arguments that the
apache group has gone through. 

Section 2:  This section gives pgp 2.x command examples, with no
explanation that they will not work on version 5.x. 

Question 2.17:  Mentions how you can get 2.6.x to interoperate with 5.x,
but gives no examples of how to generate a key, or what extra
configuration I should use with 5.x to be maximally compatible. 

around section 4 I gave up.  This FAQ is clearly targeted at 2.6.x users
only.  Too bad, I don't have 2.6.x installed.  Why don't I have 2.6.x
installed?  Because it was a pain in the ass to compile.  At least with
5.0 all I had to do was "./configure && make install". 

Ok, so I'm a pgp 5 user.  I follow the link to the PGP 5.0 FAQ
<http://www.pgp.com/products/PGP50-faq.cgi>. 

The PGP 5.0 FAQ is an advertisement. 

Ok it has a bit of information.  But it has absolutely no examples.  It
says the same thing as question 2.17 above -- it tells me what algorithms
I should use, but gives no examples. 

---

OK, off the FAQs.  When I signed 1.3bX (I forget which X), and users
started to complain to me that my key wasn't in the right key server, or
that I shouldn't use 5.x, or whatever.  I posted here, and asked for help. 
I recall getting an email address for a keyserver, that address bounced. I
got a URL, and that 404d.  Sameer said something like this to me
"pgp.com's keyserver has always been screwed" (not his exact words). 

I really have given this a fair chance, and it hasn't worked for me.  I
figure that PGP has been around for, what, 8 years now?  It should have
turn-key solutions by now.  I don't care if OpenPGP is going to solve the
world's problems, am I going to be able to use it?  I don't know.  Will
folks bitch if I sign a message using OpenPGP and they can't read the
signatures with their pgp 5.0 or pgp 2.6.x clients?  Probably.  What a
goddamn mess.

Dean

RE: pgp again

[Lars Eilebrecht <La...@unix-ag.org>]

According to Dean Gaudet:

[...]
>  Will folks bitch if I sign a message using OpenPGP and they can't read the
>  signatures with their pgp 5.0 or pgp 2.6.x clients?  Probably.  What a
>  goddamn mess.

Probably not, because OpenPGP will be compatible with both old PGP versions.


ciao...
-- 
Lars Eilebrecht                      - You know it's going to be a bad day
sfx@unix-ag.org                       - when you forget your new password.
http://www.home.unix-ag.org/sfx/