Re: recommended version of pgp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello Steve,

On Sunday, February 25 2007 at 09:11 AM PDT, you wrote:

> Not trying to be argumentative, I am just trying to
understand what
> there is to gain by switching from GnuPG on XP.

Well, GnuPG is never going to be ported to Windows beyond
v1.4.6 if Werner
is to be believed, so in time...v1.4.6 will become outdated.
PGP on the
other hand already has a beta version out that works with
Windows Vista.

Currently, there is nothing wrong with GnuPG...nothing at
all...in fact in
some cases, I prefer using it instead of PGP. But, as
mentioned, it's a 
dead end street so one may as well go with a product that
has an active 
'R&D' element to it. 


- -- 
    Nick Andriash
Creston, B.C. Canada


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wsDYAwUBReHJdFc9HDzJE0djAQqjNQwXYNef1GEEvRA0ZxLx8R3XuzozjIU7
CYaB
e+4pcpkAsMrPRbtv5AreMAbl6GWY5/UObGu2iCRZgrEWzf27x3T7BFGi3P/B
pILh
Og+L1z5E5uSlPcJUDC4HWT/PUl2cex3rIY/zeQKdKlVWKXS/0nq5Ssx5og+6
6rr8
aO0oKAqlPG1tEzxYbHSahup23YivaZ9/E3AiJjYSdkgjZNM3ZNRS255ei13P
1Fgf
I8gj9QWFXR0QGt/TxKmVx7IsNrww5i4mNjVYZF3wuwTnrkCBX7rG+JC/qWa6
2PRW
UG4M07cpuQODgtgvi15cDvIhS99kaC/W5Rrg50b3ZCF0GxUOsQfzrQuAjFHK
VLSd
LO8Bg5BwHNj9W+NsQrYwLmL17Xks5tc/NDuflwgjaRXCgSZ3Gf/kecfv14Ac
9J+A
r6uH47oWgscLdKfzxNgTiIVZ6JDnRZW9FLlt3TB08dYabBrSYCilZGmV4/ex
JCCw
3zTZmnwTDA9GgfiDK4ETQn7nyxyMx9mv+IH7
=LHmK
-----END PGP SIGNATURE-----



____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nick Andriash wrote:
> Hello Steve,
> 
> On Sunday, February 25 2007 at 09:11 AM PDT, you
wrote:
> 
>> Not trying to be argumentative, I am just trying to
understand what
>> there is to gain by switching from GnuPG on XP.

Not a lot.

> Well, GnuPG is never going to be ported to Windows
beyond v1.4.6 if Werner
> is to be believed, so in time...v1.4.6 will become
outdated. PGP on the
> other hand already has a beta version out that works
with Windows Vista.

Please guys, the "version number envy" is getting
pretty palpable. GnuPG 2.0 is
not so much a 'new version' as it is a new architecture. It
includes some X.509
bits that (surprise) are handled natively by most Windows
MUAs (and browsers) as
well as gpg-agent for caching passphrases, and scdaemon
which allows OpenPGP
cards to be used with OpenSSH. gpg-agent is the main bit not
already in 1.4 that
would be extremely useful if back-ported. scdaemon's
functionality would be
useful to some, but would most likely be better implemented
as a windows-style
service than a *nix daemon.

There is nothing in the OpenPGP standard which is missing
from either GnuPG
1.4.x or GnuPG 2.0. GnuPG 2.0 is just built is a different
manner. Perhaps
Gnu-GnuPG would have been a better name as it's a complete
redesign.

OpenPGP is a mature, pretty stable standard. As the standard
changes, those
changes will go into GnuPG 1.4 as well as 2.0

WK has said that he's "not interested in porting GnuPG
2.0 to Windows at this
time' - that's not the same as "never." He's also
hinted that financial backing
for such a project could change his mind.

> Currently, there is nothing wrong with GnuPG...nothing
at all...in fact in
> some cases, I prefer using it instead of PGP. But, as
mentioned, it's a
> dead end street so one may as well go with a product
that has an active
> 'R&D' element to it.

As for the premise that 1.4.6 is the
"End-of-the-Line" or a "Dead-end
Street",
there should be a 1.4.7 release "REAL SOON NOW",
probably next Monday.

Active 'R&D'? There is still active work being done on
1.4 as evidenced by the
changes emailed out with each svn commit. They're not so
much in core
functionality as they are cleaner and simpler
implementations. Much of what I
see in 2.0 looks like what Fred Brooks called "The
Second-System Effect." I have
a few philosophical problems with the the 2.0 design as
well. What may make
sense from a software engineering standpoint may not
translate well to a
security approach.

The code for GnuPG 1.4 is pretty stable and has been picked
over by 1000s of
pairs of eyes. GnuPG 2.0 is new, still receiving bug
reports, and the code
hasn't been examined too deeply yet. Add the myriad mistakes
one can make
porting a *nix app to Windows 2000 and XP (Vista is a whole
'nother nightmare.),
and I ask you, "Which product would you rather trust
with your security?"

- --
John P. Clizbe                      Inet:   John (a)
Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID:
0x608D2A10/0x18BB373A
"what's the key to success?"        / "two
words: good decisions."
"what's the key to good decisions?" /  "one
word: experience."
"how do i get experience?"          / "two
words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold
conversations?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-svn-4431+-2007-02-20 (Windows PIII)
Comment: When cryptography is outlawed,
b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the £33t ECHELON -- Use Strong
Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


iQCVAwUBReIGOr4fmBEYuzc6AQK49AP/cKWX8go2LTGdFBB4NrSojMKJNwfU
8T6M
scrpQCMDW0AFBVqQDhVvq3Jt3T+pUN3FUde+Tm85vt0TMs567LJ+r2Sg5lj1
9rxO
ue8RzI3IPXNAZP7J7Cyezza8gUByzheNl2lN/6XVkM1lEEOc/jIqAqOQwP9N
wOky
IxTnzcqUYNGIPwMFAUXiBjodBKxKYI0qEBECuPQAoP6YFRiRkSx7grLGjhHg
Z9gm
9d7SAKCyNF3C+kT9SDjDcge3VIhx8qFUtA==
=Td80
-----END PGP SIGNATURE-----


____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Nick Andriash wrote:

> Well, GnuPG is never going to be ported to Windows
beyond v1.4.6 if Werner
> is to be believed, so in time...v1.4.6 will become
outdated. PGP on the
> other hand already has a beta version out that works
with Windows Vista.

An Odd statement considering that *I* am running the 1.4.7
Development
Branch right now!  In fact; Werner has specifically stated
that the
1.4.x BRANCH will continue to Development and for Production
Use will
continue to be strongly encouraged.  the 2.x Trunk is just
the extension
of the 1.9.x "can it be done" development tree and
has _never_ been
touted for Production use.

AFAIK:  the *only* thing PGP offers that Werner has stated
will never be
available in any incarnation of GnuPG is Whole Disk
Encryption.

JOHN ;)
Timestamp: Sunday 25 Feb 2007, 18:10  --500 (Eastern
Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-svn4431: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho

Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: My Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJF4hdfAAoJEBCGy9eAtCsPV4gH/17/56WC3DNbCrSOP7bt
LXBX
MhUwwl8KdJHDhpH7myEiJ97a1lnZjui38Cnpekk7I3w/uM9U37LAHFJdFtdi
dRDO
Yw0YRknIX3wLkGveO5zrRbu+nqf3p1hNfsvHKssWnf7k27Wg4ZoSaA2RIBM8
iDCI
q4rlcDAubeEZouUY5VBr62tx06c5anGkIcnYcWO2liNXz1iWD5Ffu5xEFP68
dFO0
kFxPGr27Vg2YSjOBAXNPmqzNudGf3kScRZvzOIh32+e2v7hV0Fy3FjrbIxe7
q6ue
IlfYGzxDr7UW1X8aY/367wXTI+DOCvctInB6iliam16ZHWKmCKxyTwyEY+pd
KwI=
=Esnn
-----END PGP SIGNATURE-----


____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello John W. Moore III,

On Sunday, February 25 2007 at 04:10 PM PDT, you wrote:

> An Odd statement considering that *I* am running the
1.4.7 Development
> Branch right now!  In fact; Werner has specifically
stated that the
> 1.4.x BRANCH will continue to Development and for
Production Use will
> continue to be strongly encouraged.  the 2.x Trunk is
just the extension
> of the 1.9.x "can it be done" development
tree and has _never_ been
> touted for Production use.

Thanks for the clarification John...I was not aware that the
1.4.x branch
would continue to be developed. 


- -- 
    Nick Andriash
Creston, B.C. Canada


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wsDYAwUBReMH7Fc9HDzJE0djAQphwgwTBRtGdi9WjOKIdgtxrNvpo4b83NQv
QJDV
8BnqHOFeg5RjjQ8cF54OdxpZR5m5kFDxkrsYlEqR+aBZTwLu2VPIDGv5NqLl
S9/u
WJMay3zw5Xy1eIa8BXOIGZYCFTUnNXCYT3IgcK8sFtC3XLiOg1yYmLlBUkog
z52e
kAqWS78AMgrtE+2oFlLLB5QW7NWJEYts8XN/7luhteWRT+09w5/XHrSokmkM
ZoNe
ll6YBuseyZdPu0h7hVvJ8lBV12Pe9ACsH6GqdWbjxBiTJhaXVNyfOYhKKzVE
ojAw
H1XtryUaWJnLhNcOvk7eYa1ZNuXlEAcBN9FSfkRLhrgV2k2JEfg36n8lg7P+
LRJA
oT3RPP41yOHH7y27LyTfj8chtumxhDgJRC2gl3A9YOL4tXhVyg5Dkf0+KsOd
UgBh
6EHxAitoO6G9+nzaCQVyBEqobw3LkYtlvPy3R7AlZuJliZ2mEmmgoBrZM9ai
joZi
+3D4d6dW/p8Gmbprp19FXZ7DWsJU/IMGjmo/
=HueN
-----END PGP SIGNATURE-----



____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/