Re: (Fwd) FC: New version of PGP is "everything the FBI eve
- To: debate@fitug.de
- Subject: Re: (Fwd) FC: New version of PGP is "everything the FBI eve
- From: lutz@taranis.iks-jena.de (Lutz Donnerhacke)
- Date: 6 Oct 1997 14:06:32 GMT
- Comment: This message comes from the debate mailing list.
- Newsgroups: iks.lists.fitug
- Organization: IKS GmbH Jena
- References: <199710061354.NAA27965@boell.SOFTCON.de>
- Sender: owner-debate@fitug.de
* Arne Haeckel wrote:
>What is PGPin?
A version that has adapted the last freely developable version to the
needs of the Individual Network e.V. certification
infrastructure:
971006:
- Bugfix of ordinary PGP: -kc failed to deal correctly w/ DSS signatures.
970905:
- Bugfix: Compile under MSDOS and OSF.
- Some spelling errors.
- ESC is plain text, too.
- Somewhat more verbose output.
- 8192 bit RSA support
970828:
- Certificates of unknown pubkeys are suppressed.
(New Option UNKNOWN_CERTS (On/Off))
- pgp -kvv shows the quality of user identification.
970729:
- Bugfix: Validity period is read correctly from the key ring.
970529:
- Certificates from revoked keys are invalid.
970513:
- Certificates from unknown users are handled correctly.
970512:
- Certificate revocations are correctly handled and displayed.
970418:
- support of a separate encrypt to self id
- certificates of compromised keys are invalid now
- support of certificate revocation certificates.
You can revoke your ID without losing your key.
970404:
- try the corresponding key, if the key of the wrong purpose is used,
so 'pgp -se file myname -u myname' will automatically choose the right
keys.
- SIGN keys can be used to decrypt, but PGP will warn the user.
- The language module could not distinguish two strings, so change them.
- Recommendations for key generating changed: Larger keys, userid options.
970403:
- 2.6.3ia patch included
- bugfixes
970402:
- This version is fully compatible. Only misusage is prevented.
- While certifying a key the certifier can specify how he checked
the users real identity. This question is quite different to
the question if the key was presented by this person or not!
- SIGN keys can not encrypt.
- SIGN keys can not decrypt (so you can't read it!)
- ENCR keys can not sign or certify.
- Signatures or certificates by ENCR keys are invalid. (even self signed)
- Signatures or certificates are invalid, if their timestamp is not covered
by the validity period of the public key. (too young or too old)
- Expired keys are kept but marked. (same for keys valid in future)
- Purpose and expire of a key are set while generating the key.
It is derived from the userid as described in the policy of the IN-CH.
References:
http://www.in-ca.individual.net/
ftp://ftp.iks-jena.de/pub/mitarb/lutz/crypt/software/pgp/
Diffs and full source (tgz)
*.asc are detached signatures.
Contributors:
Matthias Bruestle for the myetsid feature.
Lutz Donnerhacke for the pgp2.6.3in development.
Ingmar Camphausen, Thomas Roessler, a.o. for extensive testing.
Todo:
- New trust models for revoked certificates.
- Time stamping features (using the Eternity Logfile:
http://www.iks-jena.de/mitarb/lutz/logfile/)
- Support of EBP and PGP5.0 features.
- Better internal key management for faster access.
- Direct support for keyserver issues.
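
The signature and certificate rules from the 970402, 970529 and 970828 entries above, worked through as an added example that is not part of the original message or of the pgp2.6.3in source. The `Key` record, the function names, the order in which the rules are tested, and the key IDs and dates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Key:
    purpose: str          # "SIGN" or "ENCR", the labels used in the changelog
    valid_from: date
    valid_until: date
    revoked: bool = False

def key_status(key, today):
    """Marking for display: expired and future keys are kept, only marked."""
    if key.revoked:
        return "revoked"
    if today < key.valid_from:
        return "not yet valid"
    if today > key.valid_until:
        return "expired"
    return "valid"

def check_signature(keyring, signer_id, made_on):
    """Judge a signature or certificate by the signer's key, using the
    signature timestamp rather than the current date."""
    key = keyring.get(signer_id)
    if key is None:
        return "suppressed: unknown key"
    if key.revoked:
        return "invalid: key revoked"
    if key.purpose == "ENCR":
        return "invalid: ENCR key cannot sign or certify"
    if not (key.valid_from <= made_on <= key.valid_until):
        return "invalid: timestamp outside validity period"
    return "valid"

# Constructed sample key ring (key IDs and dates are made up).
KEYRING = {
    "0xAAAA0001": Key("SIGN", date(1997, 1, 1), date(1997, 12, 31)),
    "0xAAAA0002": Key("ENCR", date(1997, 1, 1), date(1998, 12, 31)),
    "0xAAAA0003": Key("SIGN", date(1997, 1, 1), date(1998, 12, 31), revoked=True),
}

if __name__ == "__main__":
    today = date(1998, 6, 1)
    for kid, key in KEYRING.items():
        print(kid, key.purpose, key_status(key, today))
    print(check_signature(KEYRING, "0xAAAA0001", date(1997, 10, 6)))
    print(check_signature(KEYRING, "0xAAAA0001", date(1998, 2, 1)))
```

The first sample key is marked expired on the chosen day, yet a signature it made inside its validity period still checks as valid, because the test is applied to the signature timestamp.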