Questions:
There are presently three symmetric algorithms used in PGP. They are IDEA,
Triple-DES, and CAST5.
Ideally, there would be only one MUST algorithm, and the other two are
SHOULD algorithms -- because you lose some compatibility with PGP 5 if you
don't do them, but there are reasons not to do IDEA, for example (it's
patented, and you need a license).
So here are the questions:
(1) Which algorithm is the MUST algorithm?
(2) Should there be more than one MUST algorithm, and if so, which ones?
Please note that arguing for IDEA being a MUST algorithm could lead to the
standard getting bogged down.
(3) Should any remaining algorithms from the original suite be SHOULD or MAY?
(4) What other algorithm(s) do you want to see as MAY algorithms?
I am presently merging my draft of the spec with Lutz's, and will send that
out presently.
My votes:
(1) Triple-DES (because it's less controversial than CAST5).
(2) No, only one MUST algorithm.
(3) I'd like to see both CAST5 and IDEA as SHOULD algorithms.
(4) I have no preferences, but ones mentioned to me are Blowfish and SAFER128.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
Chief Scientist 555 Twin Dolphin Drive
Pretty Good Privacy, Inc. Suite 570
(415) 596-1960 Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)