PGP 5.x and GnuPG
Frank Tobin
ftobin@uiuc.edu
Thu, 16 Mar 2000 23:00:03 -0600 (CST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Trevor Smith, at 11:26 -0400 on Fri, 17 Mar 2000, wrote:
> >The reason is mainly the v3 vs. v4 key types. Note that PGP5 is not
> >OpenPGP compliant.
>
> Weird. Doesn't the OpenPGP RFC start by saying that OpenPGP is a
> proposed standard based on PGP 5.0? How did PGP5 manage not to comply
> with the RFC based on it?

The v3 keys that PGP5 and earlier created are vulnerable to certain
attacks. That is the reason they are now deprecated. In the RFC there
are SHOULDs and MUSTs. From the RFC, 5.5.2:

"OpenPGP implementations SHOULD create keys with version 4 format. An
implementation MAY generate a V3 key to ensure interoperability with
old software; note, however, that V4 keys correct some security
deficiencies in V3 keys. These deficiencies are described below. An
implementation MUST NOT create a V3 key with a public key algorithm
other than RSA."

You might be interested in browsing the section of the RFC entitled
"Implementation Nits":
http://www.gnupg.org/rfc2440-14.html

- --
Frank Tobin http://www.neverending.org/~ftobin/
"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/
iEYEARECAAYFAjjRu90ACgkQVv/RCiYMT6OwqQCfc4klzWH0Ft3fztBQOVyVJAR3
Gv4AmQEwvyhK7fCR5QtnVRQxwaYmbx+X
=ayij
-----END PGP SIGNATURE-----
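
Added example, not part of the original message: a small Python audit that walks the packets of a binary (de-armored) OpenPGP keyring and classifies each key packet against the section 5.5.2 wording quoted above. The function names and the sample packets are constructed for illustration; the sample packets carry only the header fields and omit the key material.

```python
RSA_ALGOS = {1, 2, 3}      # RSA, RSA encrypt-only, RSA sign-only
KEY_TAGS = {5, 6, 7, 14}   # secret key, public key, secret subkey, public subkey
def read_packet(buf, pos):
    """Return (tag, body, next_pos) for the OpenPGP packet starting at pos."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                               # new-format header
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + buf[pos + 2] + 192, 3
        elif first == 255:
            length, hdr = int.from_bytes(buf[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial body lengths not handled here")
    else:                                        # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled here")
        size = 1 << ltype                        # 1, 2 or 4 length octets
        length, hdr = int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), 1 + size
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def classify_key(body):
    """Map a key packet body onto the RFC section 5.5.2 wording quoted above."""
    version = body[0]
    if version == 4:                             # version, created(4), algorithm
        return 4, body[5], "ok: V4 (SHOULD)"
    if version in (2, 3):                        # version, created(4), days(2), algorithm
        if body[7] in RSA_ALGOS:
            return version, body[7], "legacy: V3 RSA (MAY, interoperability)"
        return version, body[7], "violation: V3 non-RSA (MUST NOT)"
    return version, None, "unknown key version"

def audit(buf):
    pos, findings = 0, []
    while pos < len(buf):
        tag, body, pos = read_packet(buf, pos)
        if tag in KEY_TAGS:
            findings.append(classify_key(body))
    return findings
# Constructed sample packets: header fields only, key material (MPIs) omitted.
V4_RSA = bytes([0x99, 0, 6, 4, 0x38, 0xD1, 0xBB, 0xDD, 1])
V3_RSA = bytes([0x99, 0, 8, 3, 0x38, 0xD1, 0xBB, 0xDD, 0, 0, 1])
V3_DSA = bytes([0xC6, 8, 3, 0x38, 0xD1, 0xBB, 0xDD, 0, 0, 17])
SAMPLE = V4_RSA + V3_RSA + V3_DSA
```

Calling `audit()` on the bytes of an exported keyring returns one `(version, algorithm, verdict)` tuple per key or subkey packet.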