Sam Tuke samtuke@fsfe.org wrote:
On 24/10/13 10:35, Anna Morris wrote:
So we have OpenPGP too? Is that different to PGP? How is it different to GPG lol - *head on desk*
To elaborate on David's answer:
PGP is the original proprietary software for asymmetric email encryption
OpenPGP is an open standard for storing and handling keys like PGP does
GPG is the most widely used PGP-like application, and is also Free Software
That's pretty much it. Further, the free software is properly called GnuPG, or the GNU Privacy Guard, but commonly referred to as GPG, and gpg is the name of the command.
PGP stands for Pretty Good Privacy.
The OpenPGP history page covers its conception[1].
The situation is confused by the fact that "PGP" is used to refer to all three, though strictly speaking it now only refers to a proprietary product owned by Symantec.
This is why I always try to refer to OpenPGP when I talk about the protocol, rather than any one product. In one way, I can see that as confusing when most people seem to call it PGP, but I hope, as with this thread, that being fussy about the terminology de-confuses things in the end.
Similarly, SSH, though most commonly used in its Free Software implementation, is also a standard that is implemented by proprietary software companies. Therefore the term "SSH" can refer to the SSH protocol, one of many proprietary SSH software systems, or (most commonly) the OpenSSH application.
At least SSH is actually the name of the protocol *and* the proprietary software! (Although you could refer to the latter as Tectia SSH.) The protocol now in use by PGP and GnuPG is no longer called PGP if we're being pedantic about it.
"SSL" is another. There are two main protocol versions in current use: SSL 3 and TLS 1. Every modern implementation should now support at least TLS 1.0 (and ideally up to the latest TLS 1.2), so we might properly refer to it as TLS, but we're stuck with the name SSL. History strikes again!
In addition to that, if you're looking to use TLS, you need a private and public keypair, similar to that used with OpenPGP. The public part is the certificate, which follows a standard called X.509, is hardly ever referred to as an X.509 certificate, but as an SSL certificate, and it doesn't even have to be used with SSL or TLS.
The software, by the way, is boringly not called SSL. This is probably because it gets implemented in libraries, rather than directly by end user software. Most SSL and TLS libraries are free software, with OpenSSL being the most common, and GnuTLS being a relatively recent addition. NSS (Network Security Services) is that used by Netscape, and then Mozilla. SChannel is Microsoft's proprietary implementation, a part of its operating systems.
Simon