Mailing List Archive

On Tue, 5 Sep 2000, Michel Bouissou wrote:

> I've tried to compile the RSA and IDEA GnuPG modules by myself under
> Windows. Unfortunately, I didn't succeed.

Modules don't work under Windows. RSA will be included in 1.0.3
which is scheduled for Septemper 20th.

Werner

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Werner,

You wrote:

> Modules don't work under Windows. RSA will be included in 1.0.3
> which is scheduled for Septemper 20th.

Thank you for your answer.

About RSA, I was expecting it to be included with the standard GnuPG
distribution as soon as its patent expires, and I'm glad to read it
will be the case.

But there must be a way to incorporate IDEA as well. Even though I
understand that you don't want to include a patent-encumbered
algorithm into the standard GnuPG distribution, there must be a way
for integrating it externally to get compatability with versions 2.6x
of PGP.

The success of GnuPG, IMHO, depends for a large part on its complete
compatability with PGP, and as well on its complete availability
under Windows (you know, there still are about a dozen of Windows
users out there ;-)

So, how could the IDEA / Windows version be solved ?

About PGP compatability: I've seen that GnuPG allows it thru quite
esoteric options (--force-v3-sigs, --rfc1991, --s2k-*, --cipher-algo,
- --compress-algo, --digest-algo...) that are to be correctly combined.

Also, for encrypting and signing a message that will be readable for
PGP 2.6x, I've seen from the docs on the GnuPG Web page that you must
run 4 GnuPG rounds (!) with file combinations and tons of options.

Even though this might be usable for experts, it will surely not help
any newcomer (or even average user) to communicate with PGP 2.6x
users.

So, I'd like to suggest that GnuPG should include quite
easy-to-use-for-beginner options (such as for example --compat-PGP26x
- --compat-PGP5x) that would allow GnuPG to behave exactly as PGP would
when encrypting or signing messages that are supposed to be decrypted
with PGP.

Is there already such a thing planned? What are your thoughts about
this?

Best regards.

Michel Bouissou <michel@bouissou.net> PGP DH/DSS ID 0x5C2BEE8F

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: Corrigez le bug PGP ADK. Installez PGP 6.5.8 ou superieur.

iQA/AwUBObSwTo7YarFcK+6PEQIm3QCghIIni/UJ6fbGxc2q5qFbW0IKRNMAn3MH
d7aoVuIz4LxLPyay2fSwWq/U
=ld5n
-----END PGP SIGNATURE-----


--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Tue, 5 Sep 2000, Michel Bouissou wrote:

> So, how could the IDEA / Windows version be solved ?

Wait until 2007.

Or go and fix PGP 2 to use CAST5 instead of IDEA - it should be not
that comlicated. Well, there is still the problem with PGP2's ugly
way of storing signatures.

Werner

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner Koch wrote:

> > So, how could the IDEA / Windows version be solved ?
>
> Wait until 2007.

Am I right understanding your statement as meaning that making GnuPG
compatible with the most trusted and original versions of PGP is of
absolutely no interest to you ?

Well, I have the feeling that a big lot of PGP users and free crypto
supporters wouldn't share this point of view.

On the opposite, many people seem to consider that the success and
diffusion of GnuPG will be very closely related to its ability of
being easily compatible with existing versions of PGP, and existing
PGP keys, on the most common platforms.

If GnuPG wants to be considered as a serious alternative to PGP and a
possible replacement for it, it *has* to put compatibility on the top
of its priorities-list.

> Or go and fix PGP 2 to use CAST5 instead of IDEA - it should be not
> that comlicated. Well, there is still the problem with PGP2's ugly
> way of storing signatures.

Asking to "go fix PGP 2" is pure nonsense. Are you speaking seriously
?

The way PGP 2 stores signatures may be ugly -- or may not. But one
cannot ignore the fact that PGP 2 was there *years* before GnuPG and
has become so largely trusted that it has become a de facto worldwide
standard.

The interesting article "Replacing PGP 2.x with GnuPG" from Kyle
Hasselbacher, available at http://www.gnupg.org/gph/en/pgp2x.html
clearly shows that GnuPG is intrinsically capable of being compatible
with PGP 2.x, but that the choice of making it easy has not been
made.

It would probably be quite trivial to add some options like
- --compat-PGP26x or --compat-PGP5x that would set GnuPG operations
accordingly, rather than having to do some kind of puzzle work trying
to combine the individual existing esoteric options such as --rfc1991
or --force-v3-sigs --s2k-* or --cipher-algo --compress-algo
- --digest-algo .

These options are interesting for specialists, but are definitely not
usable for the average user that would simply like to encrypt a
message that would be readable for a PGP2 user.

Furthermore, the messages that GnuPG displays when using RSA keys or
the IDEA algorithm, stating these are "deprecated" or "obsolete" and
advising the user to "upgrade" are clearly partial.

RSA and IDEA may be encumbered with patent issues (soon to be solved
for RSA), these issues do not make these algorithms "deprecated" nor
"obsolete" nor less trustable than DH/DSS or CAST5.
Therefore, displaying such messages is a partial choice based on
personal opinions and not technical facts.

It would be great if GnuPG could get rid of these little issues,
because it would immediately make it a very serious challenger to
PGP, and would help for its large diffusion.

I wish this message can be understood not as being a personal attack,
or any attempt to start flamewars, this really not being in my
intention.

I only wanted to make clear features that a *lot* of current PGP
users currently expect from GnuPG, in the hope that such demands will
be heard.

Best regards.

Michel Bouissou <michel@bouissou.net> PGP DH/DSS ID 0x5C2BEE8F

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: Corrigez le bug PGP ADK. Installez PGP 6.5.8 ou superieur.

iQA/AwUBObYfm47YarFcK+6PEQJejwCgsqgdr8oOK9o3VwXo+LT5KBlr5hMAni1C
26x4ScNQrZeIBS4LXv+4cE4F
=TXZP
-----END PGP SIGNATURE-----


--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Wed, 6 Sep 2000, Michel Bouissou wrote:

> Am I right understanding your statement as meaning that making GnuPG
> compatible with the most trusted and original versions of PGP is of
> absolutely no interest to you ?

Not if this bloats the code. If someone wants to add such a feature
to a wrapper, GnuPG already has some options to help with that.

Have a look at the current keyserver stats (pgp.net):

Version 2 keys: 17763
Version 3 keys: 115803
Version 4 keys: 2062301
RSA keys: 133556
RSA keys (sign): 8
RSA keys (encrypt): 8
ELGamal keys: 1032275
DSA keys: 1029819

So we have 10 times more DSA/ElGamal keys than old RSA keys; I don't
see any reason to add more PGP compatibility. The old RSA keys are
usable without any restrictions in 2 weeks, IDEA is used only to
protect the secret key (trivial to change) and as the session key in
mails. If you keep a large pile of PGP 2 encrypted mails in an
archive you can write a script to reencrypt them with a non-patented
algorithm.

> Asking to "go fix PGP 2" is pure nonsense. Are you speaking seriously
> ?

Yes. It is not much work to hack PGP2 to support CAST5 - however,
IMO I don't think it is worth the time.

> The way PGP 2 stores signatures may be ugly -- or may not. But one
> cannot ignore the fact that PGP 2 was there *years* before GnuPG and
> has become so largely trusted that it has become a de facto worldwide

There is no problem to verify PGP 2 created signatures. It simply
works (if you can use RSA)

> RSA and IDEA may be encumbered with patent issues (soon to be solved
> for RSA), these issues do not make these algorithms "deprecated" nor
> "obsolete" nor less trustable than DH/DSS or CAST5.
> Therefore, displaying such messages is a partial choice based on
> personal opinions and not technical facts.

It is not my personal opinion but the one of the GNU project.
Please read the GPL to see why we can't distribute any software
which uses an patented algorithm.

> It would be great if GnuPG could get rid of these little issues,
> because it would immediately make it a very serious challenger to
> PGP, and would help for its large diffusion.

So startup your editor and implement that feature in pgpgpg, gpg or
wherever you want it. But keep in mind that you are going to
violate the license if you add IDEA to the distribution.

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Werner Koch wrote:

> Have a look at the current keyserver stats (pgp.net):
>
> Version 2 keys: 17763
> Version 3 keys: 115803
> Version 4 keys: 2062301
> RSA keys: 133556
> RSA keys (sign): 8
> RSA keys (encrypt): 8
> ELGamal keys: 1032275
> DSA keys: 1029819
>
> So we have 10 times more DSA/ElGamal keys than old RSA keys; I don't
> see any reason to add more PGP compatibility.

I don't think that these figures give and exact image of the situation. Here is
why:

- PGP 2.x doesn't include any support for keyservers. So PGP 2.x users who want
to put their keys on servers need to perform it outside of PGP, using Web or
mail interfaces.

- PGP 5.x / 6.x includes native keyservers support, and automatically proposes
to the user to send his keys to servers as soon as a key pair is generated.
This will make many people send their keys (especially for newcomers, send keys
that will be lost and never reused ;-) to the servers where PGP 2.x users
wouldn't have sent them.

- Furthermore, current users sticking to PGP 2 may be a little more "paranoiac"
than PGP 5.x or 6.x users, making them more reluctant to distribute their keys
onto keyservers.

So, IMHO, keyserver statistics do not give an exact figure of the real ratio of
PGP 2 vs PGP 6 keys.

Last but not least, a number of tools in usage today, such as anonymous
remailers, heavily rely on PGP 2 and PGP 2 format keys, making them necessary
for interacting with such systems.

> The old RSA keys are
> usable without any restrictions in 2 weeks, IDEA is used only to
> protect the secret key (trivial to change) and as the session key in
> mails. If you keep a large pile of PGP 2 encrypted mails in an
> archive you can write a script to reencrypt them with a non-patented
> algorithm.

Well, it seems that signing and encrypting a message using GnuPG so that PGP2
can decrypt and sig-check it properly, is less trivial...
http://www.gnupg.org/gph/en/pgp2x.html )

> > Asking to "go fix PGP 2" is pure nonsense. Are you speaking seriously
> > ?
>
> Yes. It is not much work to hack PGP2 to support CAST5 - however,
> IMO I don't think it is worth the time.

People that trust only PGP2 (for it has been there for long, extensively
reviewed, etc.) would never trust a newly "fixed" version of PGP2 incorporating
CAST5. That's why this suggestion doesn't make sense.

> > RSA and IDEA may be encumbered with patent issues (soon to be solved
> > for RSA), these issues do not make these algorithms "deprecated" nor
> > "obsolete" nor less trustable than DH/DSS or CAST5.
> > Therefore, displaying such messages is a partial choice based on
> > personal opinions and not technical facts.
>
> It is not my personal opinion but the one of the GNU project.
> Please read the GPL to see why we can't distribute any software
> which uses an patented algorithm.

I perfectly understand this issue, and perfectly understand why IDEA cannot be
integrated into the main GnuPG distribution which is under GPL.

Although, this doesn't prevent from making provisions for the easy integration
of an external module that you can easily plug into GnuPG. This is already the
case in Unix, but I read your answer saying in wasn't working in Windows...

And not integrating these algorithms into the main distribution doesn't force
GnuPG to display messages stating these algorithms are "deprecated" or
"obsolete". Maybe just "unsupported" in the corresponding module is not
loaded...

Best regards.

michel@bouissou.net


--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Wed, 6 Sep 2000, Michel Bouissou wrote:
> Werner Koch wrote:
>
> > > So, how could the IDEA / Windows version be solved ?
> >
> > Wait until 2007.
>
> Am I right understanding your statement as meaning that making GnuPG
> compatible with the most trusted and original versions of PGP is of
> absolutely no interest to you ?

I think he's saying that forcing GPG users in many countries to choose
between breaking the law and waiting seven years for their next GPG
upgrade is of absolutely no interest.

> Well, I have the feeling that a big lot of PGP users and free crypto
> supporters wouldn't share this point of view.
>
> On the opposite, many people seem to consider that the success and
> diffusion of GnuPG will be very closely related to its ability of
> being easily compatible with existing versions of PGP, and existing
> PGP keys, on the most common platforms.

This is true. Sadly, many cling to versions of PGP that are now nearly
FIVE MAJOR RELEASES OUTDATED. *Their* software is not RFC2440-compliant.

> If GnuPG wants to be considered as a serious alternative to PGP and a
> possible replacement for it, it *has* to put compatibility on the top
> of its priorities-list.
>
> > Or go and fix PGP 2 to use CAST5 instead of IDEA - it should be not
> > that comlicated. Well, there is still the problem with PGP2's ugly
> > way of storing signatures.
>
> Asking to "go fix PGP 2" is pure nonsense. Are you speaking seriously
> ?

I took it seriously. The source is in the celebrated book. Go fix it.

[snip stuff on which I can't usefully comment]
> It would probably be quite trivial to add some options like
> --compat-PGP26x or --compat-PGP5x that would set GnuPG operations
> accordingly, rather than having to do some kind of puzzle work trying
> to combine the individual existing esoteric options such as --rfc1991
> or --force-v3-sigs --s2k-* or --cipher-algo --compress-algo
> --digest-algo .
>
> These options are interesting for specialists, but are definitely not
> usable for the average user that would simply like to encrypt a
> message that would be readable for a PGP2 user.

It sounds reasonable to have collective switches which implement
commonly-used combinations of more specialized options. This does nothing
about the legal issues, but it wouldn't hurt.

> Furthermore, the messages that GnuPG displays when using RSA keys or
> the IDEA algorithm, stating these are "deprecated" or "obsolete" and
> advising the user to "upgrade" are clearly partial.
>
> RSA and IDEA may be encumbered with patent issues (soon to be solved
> for RSA), these issues do not make these algorithms "deprecated" nor
> "obsolete" nor less trustable than DH/DSS or CAST5.

No, what makes the use of IDEA deprecated is this language in RFC2440:

[from section 3.6.2.2]
PGP 2.X always used IDEA with Simple string-to-key conversion when
encrypting a message with a symmetric algorithm. This is deprecated,
but MAY be used for backward-compatibility.

> Therefore, displaying such messages is a partial choice based on
> personal opinions and not technical facts.

If protocol specifications are not technical facts, then I wonder what
they are.

> It would be great if GnuPG could get rid of these little issues,
> because it would immediately make it a very serious challenger to
> PGP, and would help for its large diffusion.

I can't argue with that. However, only time or money will solve the
patent issues.

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
2000-05-05 13:27:15 GMT -- still no icebergs in the White River

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Wed, 6 Sep 2000, Michel Bouissou wrote:

> Last but not least, a number of tools in usage today, such as anonymous
> remailers, heavily rely on PGP 2 and PGP 2 format keys, making them necessary
> for interacting with such systems.

Which are quite unreliable and won't not cope with a much larger
user base. There is some work to be done at the remailers not in
the protocol.

> People that trust only PGP2 (for it has been there for long, extensively
> reviewed, etc.) would never trust a newly "fixed" version of PGP2 incorporating
> CAST5. That's why this suggestion doesn't make sense.

They can look at the code and given the simple control flow used in
PGP 2 it can be implemented quite straightforwad.

> And not integrating these algorithms into the main distribution doesn't force
> GnuPG to display messages stating these algorithms are "deprecated" or
> "obsolete". Maybe just "unsupported" in the corresponding module is not

RSA will be removed from the message today.

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org