PGP problems with PMMail 2000 Pro

Bill McCarthy pmmail@rpglink.com
Fri, 24 Dec 1999 19:59:51 -0500 

On Wed, 22 Dec 1999 20:02:39 -0800, Steve Lamb wrote:

>On Wed, Dec 22, 1999 at 10:24:06PM -0500, Bill McCarthy wrote:

>> Funny, I tell people something similar.  If they don't conform to
>> the standard PGP 2.62, go away.  I won't change to a less secure
>> system until a new standard is established and verified by
>> knowledgeable professionals.

>1: You cannot claim it is less secure.

Sure I can, Steve.  In fact I did.  The "potential backdoor" I 
referred to is not an illusion, that potential is builtin - RTFM.  
Also, from the GNU Privacy Guard Press Notice:

  "Furthermore, all current versions of PGP support some form of
  third party access to cryptographic keys. This "feature" has
  lead to a decrease of faith in the software."

>2: 2.6.x is not a standard no matter what your dillusions might
    be.

No matter your delusions, Steve, it is and will continue to be 
until GPG becomes widely accepted.  That won't happen until 
reliable ports are available to all popular platforms -- and that 
sure in hell hasn't happened yet.

From the GPG download page:

  "OpenPGP signature for this file. Because this may lead to a
   chicken-and-egg problem, there is also a PGP 2 signature."

Note, Steve, that the fallback sig check is PGP 2, not PGP 5!

Also, from `finger help@nym.alias.net`:

    PGP 5.0   Nym.alias.net does not support PGP 5. It is
              recommended that you use PGP 2.6.2 (or a more
              recent version of PGP 2) with nym.alias.net,
              though PGP 5.0 might work in compatibility
              mode. Nym.alias.net will not support PGP 5
              until a stable, free, legal (in the US) version
              is available in source form.

>3: GPG does conform, is open source, is peer reviewed, does 5.x as
>   well as the 2.6.x.

You referred to GPG 1.0.0.  Actually Steve, the current release is 
GPG 1.0.1.  Porting is no where near universal.  Here's the entire 
section for the GPG home:

  Precompiled binaries are available for 

    MS-Windows 95 (490k).
      Note, that this is an alpha release and should not be used
      for any production purposes except to verify signatures.

>    You have no excuses.  Discussion over.

There appears to be a bit of bias in your logic, Steve, but there 
are no excuses.  I agree that the discussion is over, but I see you 
have two more emails on this -- despite your claim of discussion 
over :(

I'll respond to each then leave the topic.

Regards,

Bill