
"newbie" questions: GPG a.k.a. GnuPG versus PGP corporation's products ... ; et cetera


I'm calling myself a "newbie" with regard to PGP/GPG even though I've, through my own
ignorance and incompetence, orphaned keys back as far as September 1997.  One day
my brain may, if I am lucky, reconnect with their corresponding passphrases so that
I can revoke them.  I'm guessing there is a very large number of orphaned keys in the PGP universe.

I've read about PGP in Chey Cobb's "Cryptography for Dummies" and PGP/GPG in Michael W. Lucas'
"PGP & GPG:  email for the practical paranoid".  Also, I've used gnupg.pdf as a reference but have
yet to digest all of its 148 pages.

I live under the cloud of the virus a.k.a. Windows [XP, Vista, Server 2003, Server 2008].

     gpg (GnuPG) 1.4.9
     Supported algorithms:
     Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
     Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), AES256 (S9), TWOFISH (S10)
     Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), SHA512 (H10), SHA224 (H11)
     Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

Although there are GUI environments available, for the present, I am sticking with GnuPG and its
various command line tools until I understand them sufficiently to warrant investigating GUI tools.
The former MIT GUI distribution never integrated very well with Outlook Express, at least,
that was my experience.  This is a second reason why I prefer command line tools.

QUESTION # 1:  There seem to currently exist TWO forces in the PGP universe:

                                 (a) GPG -- GnuPG (OpenPGP initiative)
                                 (b) PGP -- PGP Corporation.

                             To what extent are their goals aligned?  More specifically, since (b) is a corporation
                             which is driven by the profit motive and (a) would like to make a reasonable living
                             but is likely more open than the average corporate culture, it's likely more in the
                             interest of (b) to succeed in being universal but not too universal, i.e., to some
                             degree, (b) could grab more market share by being somewhat proprietary.
                             OTOH, it's possible AFAIK that (a) could not succeed without being 100%
                             compatible with (b).

QUESTION # 2:  I have looked at http://www.biglumber.com/ ... http://biglumber.com/x/web?va=1:
                             "Total of 3190 listings (3107 people [442 with images], 83 events) in 79 countries and 1144 cities."
                             613 listings are expired; even if the 613 listings are NOT part
                             of the 3190 listings, "biglumber" is not very much in use.
                             http://pgp.mit.edu/ has been around for many years.  It's possibly a better
                             indicator of how many keys there are ... sadly, it does not appear to offer
                             much in the way of statistics.  OTOH, I almost never receive even PGP
                             signed e-mails.  I spoke with a senior I.T. person recently who was
                             not even aware of PGP technology.

                             To what extent is GPG/PGP technology being used by e-mail users?
                             I'm guessing it must be less than 1% based on the many 1000's of
                             e-mails that I have received each month over the last decade.

I'll have more questions and I hope comments that you'll find useful later.

Thank you for your opinions.

Gerry (Lowry)