httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <>
Subject Re: Fwd: 1.3.1 missing pgp signature
Date Tue, 28 Jul 1998 00:49:50 GMT
According to Rodent of Unusual Size:

>  If the above is true, there is no win-win scenario.  If we sign with DSS
>  keys, people using PGP 2.6.* won't be able to deal with them.  If we
>  sign with RSA keys, people using PGP 5.2+ will be out in the cold.

Huh... *scratch* I'm pretty sure that all PGP 5.x versions understand PGP 2.6.x
output and all pre-5.5 versions are able to generate RSA keys (correct me if
I'm wrong). IIRC PGP 5.5 won't generate RSA keys, but it should be able to
import and verify RSA-signatures.

But I must admit that I've never used PGP 5, because (at least the early
versions) sucked and I've seen to often PGP 5 and the words 'snake oil'
mentioned in one sentence... but that's another issue. 

Anyone around with PGP 5.5? What happens if you check
the current Apache distribution (signed with 2.6.3i)?
>  I don't know enough (!) about the market penetration of the various
>  versions to be able to guess a least-loss strategy.  What I've
>  adopted personally is using my RSA keys, PGP 2.6.* on Unix, and
>  PGP 5.0 on Win32.  Only my RSA keys are registered or given out to
>  anyone.

My guess is that most people in the Unix world still use PGP 2.6.x
>  Feh.  I don't know anything about this OpenPGP business, but ISTR

Last time I checked wasn't operational, but you can
find some OpenPGP drafts at

Lars Eilebrecht                               - Reality corrupts.                     - Absolute reality corrupts absolutely.

View raw message