-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Sep 16, 2003 at 08:15:53AM -0700, vedaal(_at_)hush(_dot_)com wrote:
On Mon, 15 Sep 2003 21:18:05 -0700 David Shaw
<dshaw(_at_)jabberwocky(_dot_)com>
wrote:
Trying to be
backwards compatible by using IDEA in an algorithm conflict between
a
V3 key and an Elgamal subkey is pointless since PGP 2.x won't be able
to handle the message anyway due to the use of Elgamal.
Some experimentation shows that using IDEA when having a V3<=>V4
algorithm conflict only works if the V4 (sub)key is:
a) RSA
and
b) <=2112 bits
The above is true for MIT PGP 2.6.2 and PGP 2.6.3ia. I don't know
about Disastry's "2.6.3ia-multi05", or any other programs that might
implement RFC-1991.
it is not a problem at all in Disastry's multi builds, as they accept
all symmetrical algorithms, (and all hashes),
The issue is unrelated to having sufficient symmetric algorithms, IDEA
or otherwise. The issue is that 2.x-derived implementations of PGP
cannot cope with the encrypted session key from most v4 (sub)keys.
The draft suggests (though does not recommend) using IDEA in an
algorithm conflict between v3 and v4 keys in order to improve
backwards compatiblity. My point was that this is not necessarily
useful advice since the 2.x implementation would likely fail anyway,
because of the Elgamal-encrypted session key.
There is no backwards compatiblity with a message encrypted to both a
v3 and v4 key, unless the v4 key happens to be an RSA key that is
<=2112 bits long. Anything else makes the message unusable by PGP
2.x.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iHEEARECADEFAj9nmqwqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJW/cAniLOGF/CCO3dKWZdf/dtLyoTlwVxAKCM
Va3YD7ebUQIw61bLuZhrD7Znig==
=rXWx
-----END PGP SIGNATURE-----