On Saturday 28 June 2014 08:09:10 Johan Wevers wrote:
> On 28-06-2014 0:31, Johannes Zarl wrote:
> > The way I see it compatibility between those two groups is a non-issue -
> > they simply don't exchange messages.
>
> Why not?

My assumptions were as follows:

- When exchanging messages with untrusted parties it's a Bad Idea(tm) to use unmaintained software that is vulnerable to attacks.
- PGP 8 is unmaintained software and must be assumed to be vulnerable to attacks (we know how many security related bugs gpg saw in the last 12 years)
- Corporate environments do often use legacy systems, but are usually risk-aware and isolate vulnerable systems.

I therefore assumed that PGP 8 is only used in closed environments, where the risk is manageable. I assumed it is just the same as with, say Internet Explorer 6: Since many intranet applications depend on it, it is still used - it is a sensible business decision for some companies to do so. Browsing the web using IE6 on the other hand is something no corporate environment would allow.

If the lawyer example is a fitting one, then I guess I have an error in my assumptions.

<rant>
If I communicate with someone who must use PGP 8, anything stronger than 1024bit RSA, SHA1 and 3DES is probably wasted effort, anyways.
</rant>

Johannes