On Saturday 28 June 2014 08:09:10 Johan Wevers wrote:
> On 28-06-2014 0:31, Johannes Zarl wrote:
> > The way I see it compatibility between those two groups is a non-issue -
> > they simply don't exchange messages.
> 
> Why not?

My assumptions were as follows:
 - When exchanging messages with untrusted parties it's a Bad Idea(tm) to use 
unmaintained software that is vulnerable to attacks.
 - PGP 8 is unmaintained software and must be assumed to be vulnerable to 
attacks (we know how many security related bugs gpg saw in the last 12 years)
 - Corporate environments do often use legacy systems, but are usually risk-
aware and isolate vulnerable systems.

I therefore assumed that PGP 8 is only used in closed environments, where the 
risk is manageable.

I assumed it is just the same as with, say Internet Explorer 6: Since many 
intranet applications depend on it, it is still used - it is a sensible 
business decision for some companies to do so. Browsing the web using IE6 on 
the other hand is something no corporate environment would allow.

If the lawyer example is a fitting one, then I guess I have an error in my 
assumptions.

<rant>
If I communicate with someone who must use PGP 8, anything stronger than 
1024-bit RSA, SHA1 and 3DES is probably wasted effort, anyways.
</rant>


  Johannes

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
