
Re: (Fwd) FC: New version of PGP is "everything the FBI eve

* Arne Haeckel wrote:
>What is PGPin?

A version that adapted the last freely developable version to the
needs of the Individual Network e.V. certification infrastructure:

  - Bugfix of ordinary PGP: -kc failed to deal correctly w/ DSS signatures.

  - Bugfix: Compile under MSDOS and OSF.
  - Some spelling errors.
  - ESC is plain text, too.
  - Somewhat more verbose output.
  - 8192 bit RSA support

  - Certificates of unknown pubkeys are suppressed.
    (New Option UNKNOWN_CERTS (On/Off))
  - pgp -kvv shows the quality of user identification.

  - Bugfix: Validity period is read correctly from the key ring.

  - Certificates from revoked keys are invalid.

  - Certificates from unknown users are handled correctly.

  - Certificate revocations are correctly handled and displayed.

  - support of a separate encrypt to self id
  - certificates of compromised keys are invalid now
  - support of certificate revocation certificates.
    You can revoke your ID without losing your key.

  - try the corresponding key, if the key of the wrong purpose is used,
    so 'pgp -se file myname -u myname' will automatically choose the right
  - SIGN keys can be used to decrypt, but PGP will warn the user.
  - The language module could not distinguish two strings, so change them.
  - Recommendations for key generating changed: Larger keys, userid options.

  - 2.6.3ia patch included
  - bugfixes

  - This version is fully compatible. Only misuse is prevented.
  - While certifying a key the certifier can specify how he checked
    the user's real identity. This question is quite different to
    the question if the key was presented by this person or not!
  - SIGN keys can not encrypt.
  - SIGN keys can not decrypt (so you can't read it!)
  - ENCR keys can not sign or certify.
  - Signatures or certificates by ENCR keys are invalid. (even self signed)
  - Signatures or certificates are invalid, if their timestamp is not covered
    by the validity period of the public key. (too young or too old)
  - Expired keys are kept but marked. (same for keys valid in future)
  - Purpose and expiry of a key are set while generating the key.
    It is derived from the userid as described in the policy of the IN-CH.

    Diffs and full source (tgz)
    *.asc are detached signatures.

  Matthias Bruestle for the myetsid feature.
  Lutz Donnerhacke for the pgp2.6.3in development.
  Ingmar Camphausen, Thomas Roessler, a.o. for extensive testing.

  - New trust models for revoked certificates.
  - Time stamping features (using the Eternity Logfile:
  - Support of EBP and PGP5.0 features.
  - Better internal key management for faster access.
  - Direct support for keyserver issues.
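
The signature and certificate validity rules listed in the message (key purpose, validity period, revoked keys, marking of expired keys), as an added example that is not part of the original message and is not PGP 2.6.3in code. The `Key` and `Signature` structures, their field names, the reason strings and the sample key ring are assumptions constructed for illustration; the real program derives purpose and expiry from the user ID, which is not modelled here.

```python
from dataclasses import dataclass

@dataclass
class Key:                      # hypothetical structure, not PGP's key ring format
    purpose: str                # "SIGN" or "ENCR"
    valid_from: int             # start of validity period (Unix time)
    valid_until: int            # end of validity period (Unix time)
    revoked: bool = False

@dataclass
class Signature:                # hypothetical structure
    signer: str                 # key ID of the signing key
    timestamp: int
    is_certificate: bool = False    # True when it certifies a user ID

def check_signature(sig, keyring):
    """Return the reasons a signature/certificate is invalid ([] = accepted)."""
    key = keyring.get(sig.signer)
    if key is None:
        return ["signer key unknown"]
    reasons = []
    if key.purpose == "ENCR":                       # even if self signed
        reasons.append("ENCR key cannot sign or certify")
    if sig.timestamp < key.valid_from:              # "too young"
        reasons.append("timestamp before key validity period")
    elif sig.timestamp > key.valid_until:           # "too old"
        reasons.append("timestamp after key validity period")
    if sig.is_certificate and key.revoked:
        reasons.append("certificate from revoked key")
    return reasons

def key_mark(key, now):
    """Expired and not-yet-valid keys stay in the ring but are marked."""
    if now > key.valid_until:
        return "expired"
    if now < key.valid_from:
        return "valid in future"
    return "valid"

# Constructed sample key ring (IDs and times are made up).
KEYRING = {
    "SIGN01": Key("SIGN", 1000, 2000),
    "ENCR01": Key("ENCR", 1000, 2000),
    "REVK01": Key("SIGN", 1000, 2000, revoked=True),
}

if __name__ == "__main__":
    for s in (Signature("SIGN01", 1500), Signature("ENCR01", 1500, True),
              Signature("SIGN01", 2500), Signature("REVK01", 1500, True)):
        print(s.signer, s.timestamp, check_signature(s, KEYRING) or "valid")
```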