Can't compile RSA / IDEA under Windows

Mark H. Wood mwood@IUPUI.Edu
Wed, 6 Sep 2000 08:39:14 -0500 (EST)


On Wed, 6 Sep 2000, Michel Bouissou wrote:

> Werner Koch wrote:
>
> > > So, how could the IDEA / Windows version be solved ?
> >
> > Wait until 2007.
>
> Am I right understanding your statement as meaning that making GnuPG
> compatible with the most trusted and original versions of PGP is of
> absolutely no interest to you ?

I think he's saying that forcing GPG users in many countries to choose
between breaking the law and waiting seven years for their next GPG
upgrade is of absolutely no interest.

> Well, I have the feeling that a big lot of PGP users and free crypto
> supporters wouldn't share this point of view.
>
> On the opposite, many people seem to consider that the success and
> diffusion of GnuPG will be very closely related to its ability of
> being easily compatible with existing versions of PGP, and existing
> PGP keys, on the most common platforms.

This is true.  Sadly, many cling to versions of PGP that are now nearly
FIVE MAJOR RELEASES OUTDATED.  *Their* software is not RFC2440-compliant.

> If GnuPG wants to be considered as a serious alternative to PGP and a
> possible replacement for it, it *has* to put compatibility on the top
> of its priorities-list.
>
> > Or go and fix PGP 2 to use CAST5 instead of IDEA - it should be not
> > that complicated. Well, there is still the problem with PGP2's ugly
> > way of storing signatures.
>
> Asking to "go fix PGP 2" is pure nonsense. Are you speaking seriously
> ?

I took it seriously.  The source is in the celebrated book.  Go fix it.

[snip stuff on which I can't usefully comment]

> It would probably be quite trivial to add some options like
> --compat-PGP26x or --compat-PGP5x that would set GnuPG operations
> accordingly, rather than having to do some kind of puzzle work trying
> to combine the individual existing esoteric options such as --rfc1991
> or --force-v3-sigs --s2k-* or --cipher-algo --compress-algo
> --digest-algo .
>
> These options are interesting for specialists, but are definitely not
> usable for the average user that would simply like to encrypt a
> message that would be readable for a PGP2 user.

It sounds reasonable to have collective switches which implement
commonly-used combinations of more specialized options.  This does
nothing about the legal issues, but it wouldn't hurt.

> Furthermore, the messages that GnuPG displays when using RSA keys or
> the IDEA algorithm, stating these are "deprecated" or "obsolete" and
> advising the user to "upgrade" are clearly partial.
>
> RSA and IDEA may be encumbered with patent issues (soon to be solved
> for RSA), these issues do not make these algorithms "deprecated" nor
> "obsolete" nor less trustable than DH/DSS or CAST5.

No, what makes the use of IDEA deprecated is this language in RFC2440:

[from section 3.6.2.2]

   PGP 2.X always used IDEA with Simple string-to-key conversion when
   encrypting a message with a symmetric algorithm.  This is deprecated,
   but MAY be used for backward-compatibility.

> Therefore, displaying such messages is a partial choice based on
> personal opinions and not technical facts.

If protocol specifications are not technical facts, then I wonder what
they are.

> It would be great if GnuPG could get rid of these little issues,
> because it would immediately make it a very serious challenger to
> PGP, and would help for its large diffusion.

I can't argue with that.  However, only time or money will solve the
patent issues.

--
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
2000-05-05 13:27:15 GMT -- still no icebergs in the White River