[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Migrating to GPG - A mini-HOWTO

On 15 Sep 1999, Martin Mitchell wrote:

> > But we decided that we do not -want- to create a new web of trust, it is
> > too much work and totally unnecessary. The RSA patent expires in 11
> > months, it is wastefull to throw everything away now.
> I don't remember this being discussed on any list before. It doesn't hurt
> to extend the web to an unencumbered keyspace, as long as it is done properly.

It was discussed on -private on and off for the past couple months, nobody
really seemed to mind.

> I don't have a problem with 1-7, however a transition strategy away from
> RSA type keys would be nice, as they continue to use the non-free gpg-rsa
> package. Waiting until the patent expires seems like somewhat of a cop out.

Again when this was brough up before there wasn't exactly much enthusiasm
at ditching RSA now - we have been using it for 3 years after all. It
would actually take us longer to get rid of all 582 RSA keys than it would
to wait the 11 months for RSA to become free.
> 8 and 9 I'd need to seek more information about.

All it means is that GPG should be used in a mode where it will not
interoperate with PGP 2.x. This is what Joey's HOWTO recommended more or


Reply to: