[12147] in cryptography@c2.net mail archive

Re: PGPfreeware 8.0: Not so good news for crypto newcomers

daemon@ATHENA.MIT.EDU (Len Sassaman)
Tue Dec 10 17:26:53 2002

Date: Tue, 10 Dec 2002 13:52:51 -0800 (PST)
From: Len Sassaman <rabbi@abditum.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: <cryptography@wasabisystems.com>, <rdump@river.com>
In-Reply-To: <200212090507.gB957Gq09466@medusa01.cs.auckland.ac.nz>

On Mon, 9 Dec 2002, Peter Gutmann wrote:

> "Richard Johnson" <rdump@river.com> writes:
>
> >To my dismay, the developers of gnupg chose to embed the command line
> >processing deep in their software, making doing a proper library-supported
> >GUI more difficult.  This was the same mistake that made PGP 2 such a bear to
> >port, etc.  I wish I had the time or skill to fix that, but the reality is I
> >simply don't have either.
>
> There are other PGP libraries available.  The Veridis Filecrypt SDK,
> http://www.veridis.com/products/FileCryptSDK/fcsdk.asp, is a commercial
> offering which uses the OpenPGP format,

A warning about Filecrypt SDK --

A few months ago, I was doing OpenPGP interop testing between Mixmaster
and some other 2440 implementations, including PGP, GnuPG, Hushmail, and
Zendit.

In the course of this testing, I discovered that Zendit, which is based on
Veridis's SDK, had a rather alarming bug: it had no concept of subkey
binding signatures (it neither generated them, nor did it verify them.)
The implications here are obvious.

I didn't do any further investigation of this bug, since I found far too
many other interop/usability flaws in Zendit to justify continuing to
worry about it, and I don't know of anyone else using FileCrypt.
Consequently, I don't know if this was a Zendit-specific bug or a problem
with FileCrypt.

I notified both the Zendit and Veridis people about this problem. I
haven't heard from either if this has been fixed.


--Len.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
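
The missing check described in the message above, as an added example that is not part of the original post or of any product named in it: a Python walk over an RFC 2440 key that reports subkey packets not followed by a subkey binding signature (type 0x18) packet. The function names and the sample keys are constructed for illustration.

```python
# Added example. Structural check only: a real implementation must also verify
# each binding signature cryptographically against the primary key.
from itertools import takewhile

SIG, SUBKEY, SUBKEY_BINDING = 2, 14, 0x18   # packet tags, signature type

def packets(data):
    """Yield (tag, body) for each packet, old- or new-format header."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:                          # new format
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old format
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if width == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + width], "big"), i + 1 + width
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def sig_type(body):     # v3: version, length octet, type; v4: version, type
    return body[2] if body[0] == 3 else body[1]

def unbound_subkeys(key):
    """Indexes of subkey packets with no binding signature packet after them."""
    pkts, bad = list(packets(key)), []
    for n, (tag, _) in enumerate(pkts):
        sigs = takewhile(lambda p: p[0] == SIG, pkts[n + 1:])
        if tag == SUBKEY and SUBKEY_BINDING not in (sig_type(b) for _, b in sigs):
            bad.append(n)
    return bad

def pkt(tag, body):     # constructed sample packet: old format, 1-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body

BASE = pkt(6, b"\x04k") + pkt(13, b"alice") + pkt(2, b"\x04\x13") + pkt(14, b"\x04s")
BOUND, UNBOUND = BASE + pkt(2, b"\x04\x18"), BASE   # placeholder bodies, not real keys
```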
