Mailing List Archive: FAQ and pgp 6+ test

FAQ and pgp 6+ test

Feb 17, 1999, 7:17 PM

Post #1 of 6 (268 views)

Hello,

I'm new to the list so please excuse me if those are already
answered. I looked up the archive and didn't saw an answer to the
following:

1- When I read in the documentation that GnuPG is compatible with PGP5+
keys, am I correct in understanding that it includes PGP 6 products?

2- Has GnuPG been put thru a methodic safety test? If so is there a paper
on the subject?

3- I looked up to see if anyone had had the time to do FAQ for GnuPG
and it doesn't seems so. So I did setup a user maintained Automatic
FAQ for it. It is situated at http://www.oeil.qc.ca/auto_faq/gnupg/
. I didn't put anything yet in it because I'm too new to the project,
but be my guests an put questions you're tired to answer there.

--
Bonne journée,
_________________________________________________________________
|Philippe Laliberte | http://www.oeil.qc.ca/~arsphl/ |
| arsphl@oeil.qc.ca | NO SPAM PLEASE |
_________________________________________________________________

Re: FAQ and pgp 6+ test [ In reply to ]

Feb 18, 1999, 1:20 PM

Post #2 of 6 (267 views)

Philippe Laliberte <arsphl@oeil.qc.ca> writes:

> 1- When I read in the documentation that GnuPG is compatible with PGP5+
> keys, am I correct in understanding that it includes PGP 6 products?

Should work but I do not have a pgp 6 here (for Unix).

> 2- Has GnuPG been put thru a methodic safety test? If so is there a paper
> on the subject?

Are you talking about general software safety (bufferoverflows and all
such things) or about the the cryptographic security?

The algorithms do pass the testvectors so we can assume they are
correct. I don't know of any testsuite for rfc2440 so we have to
check it manually and by comparing against the other
implementation(s).

I hope that a lot of people have reviewed the source to make sure that
confidential information don't leak out and that all parameters are
choosen safely.

> and it doesn't seems so. So I did setup a user maintained Automatic
> FAQ for it. It is situated at http://www.oeil.qc.ca/auto_faq/gnupg/

I'll put a link on the web page - okay?

Werner

--
ceterum censeo RSA esse delendam

Re: FAQ and pgp 6+ test [ In reply to ]

Feb 18, 1999, 1:20 PM

Post #3 of 6 (265 views)

Philippe Laliberte <arsphl@oeil.qc.ca> writes:

> 1- When I read in the documentation that GnuPG is compatible with PGP5+
> keys, am I correct in understanding that it includes PGP 6 products?

Should work but I do not have a pgp 6 here (for Unix).

> 2- Has GnuPG been put thru a methodic safety test? If so is there a paper
> on the subject?

Are you talking about general software safety (bufferoverflows and all
such things) or about the the cryptographic security?

The algorithms do pass the testvectors so we can assume they are
correct. I don't know of any testsuite for rfc2440 so we have to
check it manually and by comparing against the other
implementation(s).

I hope that a lot of people have reviewed the source to make sure that
confidential information don't leak out and that all parameters are
choosen safely.

> and it doesn't seems so. So I did setup a user maintained Automatic
> FAQ for it. It is situated at http://www.oeil.qc.ca/auto_faq/gnupg/

I'll put a link on the web page - okay?

Werner

--
ceterum censeo RSA esse delendam

Re: FAQ and pgp 6+ test [ In reply to ]

Feb 18, 1999, 1:20 PM

Post #4 of 6 (266 views)

Philippe Laliberte <arsphl@oeil.qc.ca> writes:

> 1- When I read in the documentation that GnuPG is compatible with PGP5+
> keys, am I correct in understanding that it includes PGP 6 products?

Should work but I do not have a pgp 6 here (for Unix).

> 2- Has GnuPG been put thru a methodic safety test? If so is there a paper
> on the subject?

Are you talking about general software safety (bufferoverflows and all
such things) or about the the cryptographic security?

The algorithms do pass the testvectors so we can assume they are
correct. I don't know of any testsuite for rfc2440 so we have to
check it manually and by comparing against the other
implementation(s).

I hope that a lot of people have reviewed the source to make sure that
confidential information don't leak out and that all parameters are
choosen safely.

> and it doesn't seems so. So I did setup a user maintained Automatic
> FAQ for it. It is situated at http://www.oeil.qc.ca/auto_faq/gnupg/

I'll put a link on the web page - okay?

Werner

--
ceterum censeo RSA esse delendam

Re: FAQ and pgp 6+ test [ In reply to ]

Feb 19, 1999, 8:16 AM

Post #5 of 6 (266 views)

I just subscribed to this list... Why am I getting _THREE_ copies of each
posting? A bit excessive, no?

Barry

Werner Koch wrote:

> Philippe Laliberte <arsphl@oeil.qc.ca> writes:
>
> > 1- When I read in the documentation that GnuPG is compatible with PGP5+
> > keys, am I correct in understanding that it includes PGP 6 products?
>
> Should work but I do not have a pgp 6 here (for Unix).
>
> > 2- Has GnuPG been put thru a methodic safety test? If so is there a paper
> > on the subject?
>
> Are you talking about general software safety (bufferoverflows and all
> such things) or about the the cryptographic security?
>
> The algorithms do pass the testvectors so we can assume they are
> correct. I don't know of any testsuite for rfc2440 so we have to
> check it manually and by comparing against the other
> implementation(s).
>
> I hope that a lot of people have reviewed the source to make sure that
> confidential information don't leak out and that all parameters are
> choosen safely.
>
> > and it doesn't seems so. So I did setup a user maintained Automatic
> > FAQ for it. It is situated at http://www.oeil.qc.ca/auto_faq/gnupg/
>
> I'll put a link on the web page - okay?
>
> Werner
>
> --
> ceterum censeo RSA esse delendam

Re: FAQ and pgp 6+ test [ In reply to ]

Feb 19, 1999, 9:08 AM

Post #6 of 6 (265 views)

Barry Treahy <treahy@mmaz.com> writes:

> I just subscribed to this list... Why am I getting _THREE_ copies of each
> posting? A bit excessive, no?

sorry, there was a problem with the rmail of my provider. While I
changed my local uucp configuration to fix this, he also restored the
old rmail and I had resend several messages which have been in the
queue ....

Sorry.

Werner

--
ceterum censeo RSA esse delendam