On 6/26/2014 5:57 PM, Daniel Kahn Gillmor wrote: > PGP 8 was released over a decade ago, that's hardly a modern > implementation:
And yet, it still conforms (largely) to RFC4880. Methinks you're objecting because it's a largely-conforming implementation that doesn't have good support for SHA256. ;) > In what ways is its support for SHA-256 limited? I'm having a hard > time finding documentation for it. If I recall correctly, it can understand SHA-256 but not generate SHA-256. SHA-256 generation support was added late in the 8.x series, but earlier 8.x releases could understand it. > How many people use it? It's not as if there are Nielsen ratings for these things. All I can do is say that I still regularly encounter it when I talk to people about PGP. For instance, I know of one law firm that purchased a site license for 8.x and refuses to upgrade, since the more recent editions cost a fortune in per-seat licenses and have very little in the way of new functionality. > Why should anyone cater to users of PGP 8.x in 2014 when we have an > opportunity to provide a stronger cryptographic baseline for everyone > else? Because there are still people using it. Remember, GnuPG also supports most of RFC1991 because we've got a large base of PGP 2.6 users who are refusing to upgrade... _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
